7 matches found
PT-2025-44664
Name of the Vulnerable Software and Affected Versions: ELOG versions prior to 3.1.5-20251014. Description: ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. The application includes usernames and...
Information disclosure
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older...
ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities
This host has ELOG installed and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodelogmultvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (c) 2009 SecPod,...
ELOG Version Detection
This script finds the running ELOG Version and saves the result in KB. OpenVAS Vulnerability Test $Id: secpodelogdetect.nasl 5877 2017-04-06 09:01:48Z teissa $ ELOG Version Detection Authors: Antu Sanadi Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This program is free software; you...
Cross site request forgery (csrf)
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request...
CVE-2006-0600
Removed by vendor...
CVE-2006-0347
The CVE-2006-0347 entry describes a directory traversal vulnerability in elog prior to version 2.6.1, allowing remote attackers to access arbitrary files outside the elog directory via ../ sequences in the URL, causing information disclosure. Debian security advisories (DSA-967-1) indicate fixes ...