Elog Web Logbook@2.4 Security Vulnerabilities and Issues — Elog Web Logbook@2.4 CVE List

Lucene search

Stefan RittElog Web Logbook2.4

10 matches found

CVE•added 2006/01/21 1:3 a.m.•55 views

CVE-2006-0348

Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5CVSS6.2AI score0.01344EPSS

CVE•added 2006/01/21 1:3 a.m.•54 views

CVE-2006-0347

Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.

5CVSS6.5AI score0.00966EPSS

CVE•added 2006/02/13 11:6 a.m.•53 views

CVE-2006-0600

elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.

5CVSS6.4AI score0.01271EPSS

CVE•added 2006/02/13 11:6 a.m.•49 views

CVE-2006-0599

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.

5CVSS6.4AI score0.00647EPSS

CVE•added 2006/12/28 8:28 p.m.•43 views

CVE-2006-6318

The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained fro...

5CVSS6AI score0.02629EPSS

CVE•added 2006/02/13 11:6 a.m.•42 views

CVE-2006-0598

Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.

7.5CVSS7.1AI score0.01412EPSS

CVE•added 2005/05/02 4:0 a.m.•36 views

CVE-2005-0440

ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.

7.5CVSS7AI score0.00624EPSS

CVE•added 2009/09/11 4:30 p.m.•34 views

CVE-2008-7206

Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).

4.3CVSS6AI score0.00318EPSS

CVE•added 2006/02/13 11:6 a.m.•33 views

CVE-2006-0597

Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".

7.5CVSS6.9AI score0.00937EPSS

CVE•added 2005/05/02 4:0 a.m.•30 views

CVE-2005-0439

Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.

7.5CVSS7.9AI score0.13506EPSS