Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.

ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.