242 matches found
CVE-2006-5791
Removed by vendor...
CVE-2006-5790
Removed by vendor...
Debian DSA-967-1 : elog - several vulnerabilities
Several security problems have been found in elog, an electronic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems: - CVE-2005-4439 'GroundZero Security' discovered that elog insufficiently checks the size of a buffer used for processing...
CVE-2006-5063
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode...
CVE-2006-5063
CVE-2006-5063 is an XSS vulnerability in elog (web-based logbook), where editing log entries in HTML mode allows remote attackers to inject script/HTML. Affected: elog; root cause: HTML editing path lacks proper input sanitization. Impact: client-side script execution that can compromise user ses...
CVE-2006-5063
Removed by vendor...
Stack overflow
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes"...
Cross site request forgery (csrf)
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request...
CVE-2006-0600
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request...
CVE-2006-0598
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file...
CVE-2006-0599
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...
CVE-2006-0597
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes"...
CVE-2006-0598
CVE-2006-0598 is a buffer overflow in elogd.c of the elog log system, exploitable via writing to the log file on affected versions before the patch. Public sources identify the vulnerability in elog up to version 2.5.7 r1558-4. Debian’s DSA-967-1 and related advisories confirm multiple vulnerabil...
CVE-2006-0597
The CVE-2006-0597 issue applies to the elog package (elogd.c) in elog before version 2.5.7 r1558-4. The vulnerability is a stack-based buffer overflow triggered by overly long revision attributes, which can cause an application crash (DoS) and potentially allow code execution. Public advisories (...
CVE-2006-0600
CVE-2006-0600 affects elog, a logbook app. The issue is an input handling flaw in the fail parameter that can trigger an infinite redirect, enabling denial of service. Debian’s DSA-967-1 and OpenVAS notes confirm the vulnerability and list affected versions; fixes were released as elog 2.5.7+r155...
CVE-2006-0599
CVE-2006-0599 affects the elog/elogd components in the Debian elog package prior to version 2.5.7+r1558-4. The vulnerability causes the system to emit different error messages for invalid passwords versus invalid usernames, enabling remote attackers to probe for valid usernames (information discl...
CVE-2006-0600
Removed by vendor...