VYPR

Splunk

by Splunk

Source repositories

CVEs (55)

  • CVE-2014-5198Aug 12, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

  • CVE-2014-5197Aug 12, 2014
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.

  • CVE-2013-7394Aug 7, 2014
    risk 0.00cvss epss 0.02

    The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.

  • CVE-2013-6771Aug 7, 2014
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the…

  • CVE-2014-2578Apr 2, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-6447Jan 23, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6870Nov 25, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-2766Apr 10, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1908Aug 17, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2011-4778Jan 3, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.

  • CVE-2010-3323Sep 14, 2010
    risk 0.00cvss epss 0.01

    Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

  • CVE-2010-2504Jun 28, 2010
    risk 0.00cvss epss 0.01

    Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

  • CVE-2010-2503Jun 28, 2010
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3)…

  • CVE-2010-2502Jun 28, 2010
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via…

  • CVE-2010-2429Jun 24, 2010
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.

Page 3 of 3