Elog Security Vulnerabilities


CVE-2019-3994

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed...

7.5 CVSS

7.4 AI Score

0.007 EPSS

2019-12-17 10:15 PM
47

CVE-2019-3996

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST...

6.5 CVSS

6.9 AI Score

0.019 EPSS

2019-12-17 10:15 PM
45

CVE-2019-3993

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST...

7.5 CVSS

7.4 AI Score

0.077 EPSS

2019-12-17 10:15 PM
36

CVE-2019-3995

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET...

7.5 CVSS

7.3 AI Score

0.048 EPSS

2019-12-17 10:15 PM
45

CVE-2019-3992

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older...

7.5 CVSS

7.4 AI Score

0.004 EPSS

2019-12-17 10:15 PM
43

CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2017-06-27 08:29 PM
23

CVE-2008-7004

Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to...

7.1 AI Score

0.004 EPSS

2009-08-19 10:30 AM
19

CVE-2008-0445

The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party...

6.8 AI Score

0.009 EPSS

2008-01-25 12:00 AM
16

CVE-2008-0444

Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified...

5.8 AI Score

0.003 EPSS

2008-01-25 12:00 AM
23