NotCVE - vendor:"Elog Project" product:"Elog" version:" <= 3.1.4-57bea22"

Page 2 of 9 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-6342

https://notcve.org/view.php?id=CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the logbook. ELOG versión 3.1.1 permite a tacantes remotos enviar datos usando cualquier nombre que aparezca en el registro de usuarios logueados. • https://bugzilla.redhat.com/show_bug.cgi?id=1371328 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 0%CPEs: 70EXPL: 0

CVE-2008-7004

https://notcve.org/view.php?id=CVE-2008-7004

Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c. Desbordamiento de búfer en Electronic Logbook (ELOG) anteriores a v2.7.1 tiene un impacto y unos vectores de ataque desconocidos y posiblemente relacionados con elog.c. • http://www.osvdb.org/41684 http://www.vupen.com/english/advisories/2008/0265 https://exchange.xforce.ibmcloud.com/vulnerabilities/39903 https://midas.psi.ch/elog/download/ChangeLog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

CVE-2008-0444

https://notcve.org/view.php?id=CVE-2008-0444

Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Electronic Logbook (ELOG) anterior a 2.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro subtext a componentes no especificados. • http://midas.psi.ch/elog/download/ChangeLog http://osvdb.org/41681 http://secunia.com/advisories/28589 http://www.securityfocus.com/bid/27399 http://www.vupen.com/english/advisories/2008/0265 https://exchange.xforce.ibmcloud.com/vulnerabilities/39828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 68EXPL: 0

CVE-2008-0445

https://notcve.org/view.php?id=CVE-2008-0445

The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. La función replace_inline_img en elogd de Electronic Logbook (ELOG) anterior a 2.7.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante entradas logbook manipuladas. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://secunia.com/advisories/28589 http://www.securityfocus.com/bid/27399 http://www.vupen.com/english/advisories/2008/0265 https://exchange.xforce.ibmcloud.com/vulnerabilities/39824 •

1 2