242 matches found
Debian Security Advisory DSA 1242-1 (elog)
The remote host is missing an update to elog announced via advisory DSA 1242-1. Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following...
Debian: Security Advisory (DSA-967-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-1242-1)
The remote host is missing an update for the Debian...
Debian DSA-1242-1 : elog - several vulnerabilities
Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2006-5063 Tilman Koschnick discovered that log entry editing i...
CVE-2006-6318
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from...
CVE-2006-6318
Affected product: ELOG Web Logbook (versions up to 2.6.2). Vulnerability: show_elog_list in elogd.c dereferences NULL when a logbook name begins with “global”, causing a remote DoS (daemon crash) with authenticated access. Impact per sources: denial of service; no exploit details beyond that prov...
[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution
Debian Security Advisory DSA 1242-1, http://www.debian.org/security/, Moritz Muehlenhoff, December 27th, 2006, http://www.debian.org/security/faq ...
DSA-1242-1 elog
Bulletin has no description...
ELOG Web LogBook global Denial of Service
The remote web server is identified as ELOG Web Logbook, an open source blogging software. The version of ELOG Web Logbook installed on the remote host is vulnerable to a denial of service attack by requesting '/global' or any logbook with 'global' in its name. When a request like this is receive...
ELOG Web Logbook Remote Denial of Service Vulnerability
ELOG Web Logbook Remote Denial of Service Vulnerability. OS2A ID: OS2A1008. Status: 10/31/2006 Issue Discovered; 11/08/2006 Reported to the Vendor; 11/08/2006 Fixed by Vendor; 11/10/2006 Advisory Released. Class: Denial of Service. Severity: Medium. Overview: The Electronic Logbook ELOG is part...
[Full-disclosure] ELOG Web Logbook Remote Denial of Service Vulnerability
ELOG Web Logbook Remote Denial of Service Vulnerability. OS2A ID: OS2A1008. Status: 10/31/2006 Issue Discovered; 11/08/2006 Reported to the Vendor; 11/08/2006 Fixed by Vendor; 11/10/2006 Advisory Released. Class: Denial of Service. Severity: Medium. Overview: The Electronic Logbook ELOG is part...
CVE-2006-5790
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in...
CVE-2006-5791
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a N...
CVE-2006-5791
CVE-2006-5791 affects the elog web-based logbook (ELOG 2.6.2 and earlier). The vulnerability arises from cross-site scripting in elogd.c, specifically via the download filename in send_file_direct and the Type/Category fields in New entries, allowing remote attackers to inject arbitrary HTML/scri...
CVE-2006-5790
The CVE-2006-5790 issue affects elog (web-based electronic logbook) up to version 2.6.2 and earlier, with multiple format-string vulnerabilities in elogd.c (and related vectors in functions such as el_submit, receive_config, show_rss_feed, show_elog_list, show_logbook_node, server_loop) that coul...