Buffer overflow : ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901009

Categoría: Buffer overflow

Título: ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Resumen: ELOG is prone to multiple vulnerabilities.

Descripción: Summary:
ELOG is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- A buffer overflow error in 'elog.c' when processing malformed data.

- An infinite loop in the 'replace_inline_img()' [elogd.c] function.

- An input validation error when handling the 'subtext' parameter.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary scripting
code, cause a denial of service or compromise a vulnerable system.

Affected Software/OS:
ELOG versions prior to 2.7.1.

Solution:
Upgrade ELOG Version to 2.7.1. Please see the
references for more info.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-7004
http://www.osvdb.org/41684
http://www.vupen.com/english/advisories/2008/0265
XForce ISS Database: elog-elogc-bo(39903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39903
Common Vulnerability Exposure (CVE) ID: CVE-2008-0444
BugTraq ID: 27399
http://www.securityfocus.com/bid/27399
http://osvdb.org/41681
http://secunia.com/advisories/28589
XForce ISS Database: elog-subtext-xss(39828)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39828
Common Vulnerability Exposure (CVE) ID: CVE-2008-0445
XForce ISS Database: elog-elogd-logbook-dos(39824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39824

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901009
Categoría:	Buffer overflow
Título:	ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities
Resumen:	ELOG is prone to multiple vulnerabilities.
Descripción:	Summary: ELOG is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - A buffer overflow error in 'elog.c' when processing malformed data. - An infinite loop in the 'replace_inline_img()' [elogd.c] function. - An input validation error when handling the 'subtext' parameter. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary scripting code, cause a denial of service or compromise a vulnerable system. Affected Software/OS: ELOG versions prior to 2.7.1. Solution: Upgrade ELOG Version to 2.7.1. Please see the references for more info. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-7004 http://www.osvdb.org/41684 http://www.vupen.com/english/advisories/2008/0265 XForce ISS Database: elog-elogc-bo(39903) https://exchange.xforce.ibmcloud.com/vulnerabilities/39903 Common Vulnerability Exposure (CVE) ID: CVE-2008-0444 BugTraq ID: 27399 http://www.securityfocus.com/bid/27399 http://osvdb.org/41681 http://secunia.com/advisories/28589 XForce ISS Database: elog-subtext-xss(39828) https://exchange.xforce.ibmcloud.com/vulnerabilities/39828 Common Vulnerability Exposure (CVE) ID: CVE-2008-0445 XForce ISS Database: elog-elogd-logbook-dos(39824) https://exchange.xforce.ibmcloud.com/vulnerabilities/39824
Copyright	Copyright (C) 2009 Greenbone AG