Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.5.7 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.6.0 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.5.7 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.6.0 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stefan_ritt | elog_web_logbook | 2.0.0 |
| stefan_ritt | elog_web_logbook | 2.1.0 |
| stefan_ritt | elog_web_logbook | 2.2.3 |
| stefan_ritt | elog_web_logbook | 2.0.5 |
| stefan_ritt | elog_web_logbook | 2.1.2 |
| stefan_ritt | elog_web_logbook | 2.4 |
| stefan_ritt | elog_web_logbook | 2.2.1 |
| stefan_ritt | elog_web_logbook | 2.0.1 |
| stefan_ritt | elog_web_logbook | 2.1.3 |
| stefan_ritt | elog_web_logbook | 2.2.0 |
| stefan_ritt | elog_web_logbook | 2.5.6 |
| stefan_ritt | elog_web_logbook | 2.0.3 |
| stefan_ritt | elog_web_logbook | 2.2.2 |
| stefan_ritt | elog_web_logbook | 2.0.2 |
| stefan_ritt | elog_web_logbook | 2.0.4 |
| stefan_ritt | elog_web_logbook | 2.2.4 |
| stefan_ritt | elog_web_logbook | 2.5 |
| stefan_ritt | elog_web_logbook | 2.1.1 |