Vendor: Elog
Products: 2
CVEs: 6
Across products: 209
Status: Private

Products: 2
- 208 CVEs
- 1 CVE

Recent CVEs: 6

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-4439 | 0.01 | — | 0.08 | Dec 21, 2005 | Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter. | ||
| CVE-2025-64349 | 0.00 | — | 0.00 | Oct 31, 2025 | ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration. | ||
| CVE-2025-62618 | 0.00 | — | 0.00 | Oct 31, 2025 | ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text. | ||
| CVE-2008-7004 | 0.00 | — | 0.00 | Aug 19, 2009 | Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c. | ||
| CVE-2008-0444 | 0.00 | — | 0.01 | Jan 25, 2008 | Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. | ||
| CVE-2008-0445 | 0.00 | — | 0.01 | Jan 25, 2008 | The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. |