elog: multiple vulnerabilities
| Package(s): | elog |
CVE #(s): | CVE-2006-5063
CVE-2006-5790
CVE-2006-5791
CVE-2006-6318
|
| Created: | December 28, 2006 |
Updated: | January 3, 2007 |
| Description: |
elog, a web-based electronic logbook has multiple vulnerabilities that
may lead to arbitrary code execution.
Log entry editing in HTML has a cross-site scripting vulnerability.
A number of format string vulnerabilities may be used for the execution of
arbitrary code. There are cross-site scripting vulnerabilities related to
the creation of new logbook entries.
There is insufficient error handling in config the file parsing that may be used for a denial of service attack. |
| Alerts: |
|
