Splunk

Splunk

160 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2011-4644

Exploit
  • EPSS 5.89%
  • Veröffentlicht 03.01.2012 11:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a managem...

4.3

CVE-2011-4778

  • EPSS 0.26%
  • Veröffentlicht 03.01.2012 11:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.

4.6

CVE-2011-4642

Exploit
  • EPSS 19.23%
  • Veröffentlicht 03.01.2012 11:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to ...

4

CVE-2011-4643

Exploit
  • EPSS 14.15%
  • Veröffentlicht 03.01.2012 11:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

8.8

CVE-2010-3322

  • EPSS 0.57%
  • Veröffentlicht 14.09.2010 17:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

4.6

CVE-2010-3323

  • EPSS 0.39%
  • Veröffentlicht 14.09.2010 17:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

7.5

CVE-2010-2502

  • EPSS 0.26%
  • Veröffentlicht 28.06.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an...

4.3

CVE-2010-2503

  • EPSS 0.26%
  • Veröffentlicht 28.06.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors...

6

CVE-2010-2504

  • EPSS 0.37%
  • Veröffentlicht 28.06.2010 18:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

4.3

CVE-2010-2429

  • EPSS 0.28%
  • Veröffentlicht 24.06.2010 12:17:45
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.