Show filters
218 Total Results
Displaying 201-210 of 218
Sort by:
Attacker Value
Unknown

CVE-2014-5198

Disclosure Date: August 12, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
0
0
Attacker Value
Unknown

CVE-2013-7394

Disclosure Date: August 07, 2014 (last updated October 05, 2023)
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
0
0
Attacker Value
Unknown

CVE-2013-6771

Disclosure Date: August 07, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
0
0
Attacker Value
Unknown

CVE-2014-2578

Disclosure Date: April 02, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2012-6447

Disclosure Date: January 23, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-6870

Disclosure Date: November 25, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-2766

Disclosure Date: April 10, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2012-1908

Disclosure Date: August 17, 2012 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
0
0
Attacker Value
Unknown

CVE-2011-4778

Disclosure Date: January 03, 2012 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
0
0
Attacker Value
Unknown

CVE-2011-4644

Disclosure Date: January 03, 2012 (last updated October 04, 2023)
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
0
0
View More Topics  < Previous  Next >