Splunk

Splunk

160 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2011-4644

Exploit
  • EPSS 5.89%
  • Published 03.01.2012 11:55:04
  • Last modified 11.04.2025 00:51:21

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a managem...

4.3

CVE-2011-4778

  • EPSS 0.26%
  • Published 03.01.2012 11:55:04
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.

4.6

CVE-2011-4642

Exploit
  • EPSS 19.23%
  • Published 03.01.2012 11:55:03
  • Last modified 11.04.2025 00:51:21

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to ...

4

CVE-2011-4643

Exploit
  • EPSS 14.15%
  • Published 03.01.2012 11:55:03
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

8.8

CVE-2010-3322

  • EPSS 0.57%
  • Published 14.09.2010 17:00:02
  • Last modified 11.04.2025 00:51:21

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

4.6

CVE-2010-3323

  • EPSS 0.39%
  • Published 14.09.2010 17:00:02
  • Last modified 11.04.2025 00:51:21

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

7.5

CVE-2010-2502

  • EPSS 0.26%
  • Published 28.06.2010 18:30:00
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an...

4.3

CVE-2010-2503

  • EPSS 0.26%
  • Published 28.06.2010 18:30:00
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors...

6

CVE-2010-2504

  • EPSS 0.37%
  • Published 28.06.2010 18:30:00
  • Last modified 11.04.2025 00:51:21

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

4.3

CVE-2010-2429

  • EPSS 0.28%
  • Published 24.06.2010 12:17:45
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.