242 matches found
UBUNTU-CVE-2019-3993
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request...
CVE-2019-3996
CVE-2019-3996 affects ELOG 3.1.4-57bea22 and earlier, enabling an unauthenticated remote attacker to use ELOG as an HTTP GET proxy by sending crafted HTTP POST requests. Public writeups in NVD/Nessus/Fedora advisories confirm the vulnerability in the ELOG web application and identify patched Fedo...
CVE-2019-3996
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests...
CVE-2019-3995
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request...
CVE-2019-3995
CVE-2019-3995 affects ELOG 3.1.4-57bea22 and earlier. The root cause is a NULL pointer dereference, enabling a remote unauthenticated attacker to crash the ELOG server via a crafted HTTP GET request (DoS). Multiple connected sources confirm Fedora advisories and CNVD entries describing the same i...
CVE-2019-3994
CVE-2019-3994 affects ELOG 3.1.4-57bea22 and earlier. The vulnerability is a denial-of-service caused by a use-after-free in the retrieve_url() function, enabling a remote unauthenticated attacker to crash the ELOG server by sending multiple HTTP POST requests. The public documents consistently d...
CVE-2019-3994
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable...
CVE-2019-3993
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request...
CVE-2019-3993
Summary: CVE-2019-3993 affects ELOG 3.1.4-57bea22 and earlier. A remote unauthenticated attacker can cause an information disclosure to recover a user’s password hash via a crafted HTTP POST request, exposing credential material. Affected versions: ELOG 3.1.4-57bea22 and earlier (per Red Hat/RH, ...
CVE-2019-3992
CVE-2019-3992 affects ELOG 3.1.4-57bea22 and earlier; an unauthenticated remote attacker can access the server’s configuration file via an HTTP GET, potentially exposing valid admin usernames and, in older versions, passwords. Connected sources confirm the vulnerability and that Fedora advisories...
CVE-2019-3992
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older...
PT-2019-16835 · Elog · Elog
Name of the Vulnerable Software and Affected Versions: ELOG versions 3.1.4-57bea22 and below Description: The issue is related to a denial of service due to a use after free, where a remote unauthenticated attacker can crash the server by sending multiple HTTP POST requests. This causes the...
ELOG < 3.1.4-283534d Multiple Vulnerabilities - Active Check
ELOG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elogproject:elog"; if(description)...
elog-ch.net Cross Site Scripting vulnerability
Security Researcher logindenied, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting elog-ch.net website and its users. Following coordinat...
elog-ch.net XSS vulnerability
Open Bug Bounty ID: OBB-610061

Description| Value
---|---
Affected Website:| elog-ch.net
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
elog-ch.net XSS vulnerability
Open Bug Bounty ID: OBB-522721

Description| Value
---|---
Affected Website:| elog-ch.net
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure...|
elog-ch.net XSS vulnerability
Open Bug Bounty ID: OBB-507972

Description| Value
---|---
Affected Website:| elog-ch.net
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure...|
elog incorrect authentication vulnerability
elog is a logging library written in the Erlang language that supports log hierarchies. A security vulnerability exists in elog version 3.1.1. A remote attacker can exploit the vulnerability to publish data on the logbook under an arbitrary user name...
UBUNTU-CVE-2016-6342
elog 3.1.1 allows remote attackers to post data as any username in the logbook...
CVE-2016-6342
elog 3.1.1 allows remote attackers to post data as any username in the logbook...