Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-5791HistoryNov 07, 2006 - 11:07 p.m.
CVE-2006-5791
2006-11-0723:07:00
Debian Security Bug Tracker
security-tracker.debian.org
9
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | elog | < 3.1.3-1-1 | elog_3.1.3-1-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2006-5791
2006-11-07 00:00:00
cve
cve
CVE-2006-5791
2006-11-07 23:07:00
osv
osv
elog
2006-12-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 1242-1 (elog)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1242-1)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution
2006-12-27 00:00:00
nessus
nessus
Debian DSA-1242-1 : elog - several vulnerabilities
2006-12-30 00:00:00
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related for DEBIANCVE:CVE-2006-5791