CVE-2006-5063
Published 2006-09-28
CVE-2006-5063: Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
Priority: P418 · medium · 5.1 · CVSS 2.0
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 1.40% (69.2th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stefan_ritt | elog_web_logbook | — | — |
CVSS provenance
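| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.0 | MEDIUM | — |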
GHSA
GHSA-gw8f-chrw-2547: Cross-site scripting (XSS) vulnerability in Elog 2
ghsa_unreviewed·2022-05-01
CVE-2006-5063 [MEDIUM] GHSA-gw8f-chrw-2547: Cross-site scripting (XSS) vulnerability in Elog 2
Red Hat
libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063)
vendor_redhat·2009-08-01·CVSS 5.0
CVE-2006-7244 [MEDIUM] CWE-401 libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063)
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.
Statement: These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux.
Package: libpng10 (Red Hat Enterprise Linux 4) - Not affected
Package: libpng (Red Hat Enterprise Linux 5) - Not affected
Package: libpng (Red Hat Enterprise Linux 6) - Not affected
Red Hat
libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063)
vendor_redhat·2009-08-01·CVSS 5.0
CVE-2009-5063 [MEDIUM] CWE-401 libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063)
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389361
http://secunia.com/advisories/22057
http://secunia.com/advisories/23580
http://www.debian.org/security/2006/dsa-1242
http://www.securityfocus.com/bid/20181
https://exchange.xforce.ibmcloud.com/vulnerabilities/29137