32 matches found
CVE-2019-20375
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c...
CVE-2025-64349
CVE-2025-64349 affects ELOG (the Electronic Logbook) with a missing-authorization flaw: an authenticated, low-privilege user can modify another user’s profile, potentially changing the target’s email address and triggering a password reset to take over the account. Public records note ELOG defaul...
CVE-2025-64349 ELOG user profile missing authorization
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...
CVE-2025-62618 ELOG file upload stored XSS
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...
EUVD-2006-0606
Malware in sbrugna...
EUVD-2006-0354
Malware in sbrugna...
EUVD-2006-0604
Malware in sbrugna...
EUVD-2006-0607
Malware in sbrugna...
EUVD-2008-0455
Malware in sbrugna...
EUVD-2019-13603
Malware in sbrugna...
EUVD-2019-13602
Malware in sbrugna...
EUVD-2006-6301
Malware in sbrugna...
EUVD-2019-13601
Malware in sbrugna...
EUVD-2006-0605
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-6342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - elog 3.1.1 allows remote attackers to post data as any username in the logbook. (CVE-2016-6342) Note that Nessus relies on the presence of the package as reported...
Linux Distros Unpatched Vulnerability : CVE-2019-3996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. (CVE-2019-3996) Note...
ELOG Unintended Proxy Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. An unintended proxy vulnerability exists in ELOG 3.1.4-57bea22 and earlier versions, which can be exploited by an unauthenticated, remote attacker by sending a specially crafted HTTP POST request that uses ELOG...
ELOG Use-After-Free Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. A use-after-free vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. A remote attacker can exploit this vulnerability by sending multiple HTTP POST requests to cause the ELOG server to crash, resulting i...
ELOG Information Disclosure Vulnerability
ELOG is a web application written in C for creating personal and general purpose logs. An information disclosure vulnerability exists in ELOG 3.1.4-57bea22 and prior versions. The vulnerability stems from configuration and similar errors made during the operation of a networked system or product. An...