Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Known ELOG Vulnerabilities, Page 1 of 1  Not logged in ELOG logo
Date reported Date fixed Problem Versions Risk Solution Attachments
January 24, 2008 January 30, 2008 Cross-site scripting vulnerabilityprior to 2.7.2LowUpgrade to version 2.7.2  
January 24, 2008 January 22, 2008 Three different vulnerabilitiesprior to 2.7.1MediumUpgrade to version 2.7.1  
November 10, 2006 November 28, 2006 ELOG can be crashed with a specially crafted URLprior to 2.6.3MediumUpgrade to version 2.6.3  
November 02, 2006 November 28, 2006 Six different vulnerabilitiesprior to 2.6.3CriticalUpgrade to version 2.6.3  
January 19, 2006 January 19, 2006 Special HTTP requests can disclose the contents of abritrary files on serverprior to 2.6.1CriticalUpgrade to version 2.6.1  
December 20, 2005 February 14, 2005 Overly large parameters can cause execution of arbitrary code (buffer overflow)prior to 2.5.7HighUpgrade to version 2.5.7  
ELOG V3.1.4-ead6bbc