CVE-2012-1908
- EPSS 0.94%
- Veröffentlicht 17.08.2012 00:55:02
- Zuletzt bearbeitet 16.06.2026 23:40:32
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-4644
- EPSS 7.83%
- Veröffentlicht 03.01.2012 11:55:04
- Zuletzt bearbeitet 16.06.2026 23:35:11
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a managem...
CVE-2011-4778
- EPSS 0.92%
- Veröffentlicht 03.01.2012 11:55:04
- Zuletzt bearbeitet 16.06.2026 23:35:24
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
CVE-2011-4642
- EPSS 28.93%
- Veröffentlicht 03.01.2012 11:55:03
- Zuletzt bearbeitet 16.06.2026 23:35:11
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to ...
- EPSS 8.42%
- Veröffentlicht 03.01.2012 11:55:03
- Zuletzt bearbeitet 16.06.2026 23:35:11
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
CVE-2010-3322
- EPSS 1.05%
- Veröffentlicht 14.09.2010 17:00:02
- Zuletzt bearbeitet 16.06.2026 23:22:34
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
CVE-2010-3323
- EPSS 0.76%
- Veröffentlicht 14.09.2010 17:00:02
- Zuletzt bearbeitet 16.06.2026 23:22:35
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
CVE-2010-2502
- EPSS 2.64%
- Veröffentlicht 28.06.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:20:52
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an...
CVE-2010-2503
- EPSS 0.86%
- Veröffentlicht 28.06.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:20:52
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors...
- EPSS 0.87%
- Veröffentlicht 28.06.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:20:52
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.