Stefan Ritt » Elog Web Logbook : Security Vulnerabilities, CVEs, CVSS score >= 3
Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).
Max CVSS: 4.3 | EPSS Score: 0.15% | Published: 2009-09-11 | Updated: 2017-08-17
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
Max CVSS: 5.0 | EPSS Score: 6.27% | Published: 2006-12-28 | Updated: 2011-03-08
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.
Max CVSS: 7.5 | EPSS Score: 9.58% | Published: 2006-11-07 | Updated: 2017-07-20
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
Max CVSS: 5.1 | EPSS Score: 2.41% | Published: 2006-09-28 | Updated: 2017-07-20
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.
Max CVSS: 5.0 | EPSS Score: 2.15% | Published: 2006-02-13 | Updated: 2017-07-20
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.
Max CVSS: 5.0 | EPSS Score: 1.37% | Published: 2006-02-13 | Updated: 2017-07-20
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.
Max CVSS: 7.5 | EPSS Score: 1.08% | Published: 2006-02-13 | Updated: 2017-07-20
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".
Max CVSS: 7.5 | EPSS Score: 1.03% | Published: 2006-02-13 | Updated: 2017-07-20
Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 5.0 | EPSS Score: 7.70% | Published: 2006-01-21 | Updated: 2017-07-20
Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.
Max CVSS: 5.0 | EPSS Score: 0.84% | Published: 2006-01-21 | Updated: 2017-07-20
ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.
Max CVSS: 7.5 | EPSS Score: 0.91% | Published: 2005-05-02 | Updated: 2011-03-08
Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.
Max CVSS: 7.5 | EPSS Score: 14.73% | Published: 2005-05-02 | Updated: 2017-07-11
12 vulnerabilities found