Filtered by vendor Elog Subscriptions
Filtered by product Elog Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-62618 1 Elog 1 Elog 2025-11-04 8 High
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
CVE-2025-64349 1 Elog 1 Elog 2025-11-03 8.8 High
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
CVE-2025-64348 1 Elog 1 Elog 2025-11-03 7.1 High
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow shell commands or self-registration.
CVE-2008-0444 1 Elog 1 Elog 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.
CVE-2008-0445 1 Elog 1 Elog 2025-04-09 N/A
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
CVE-2008-7004 1 Elog 1 Elog 2025-04-09 N/A
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.