12 matches found
CVE-2021-22151
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...
CVE-2021-22151 Kibana path traversal issue
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...
CVE-2021-22151 Kibana path traversal issue
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...
CVE-2021-22151
CVE-2021-22151 (Kibana path traversal) : The Kibana vulnerability arises from not validating a user-supplied path, allowing an attacker to traverse the Kibana host and load internal files ending in the .pbf extension. Public references describe this as a path-traversal flaw that can disclose inte...
Elastic Kibana Security Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. Elastic Kibana suffers from a security vulnerability that stems from not validating user-supplied paths...
SUSE CVE-2021-37938
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...
Kibana 7.14.0 HTML Injection
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Kibana 7.10.2 < 7.14.1 Code Execution
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Design/Logic Flaw
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...
CVE-2021-37938
CVE-2021-37938 affects Kibana on Windows, where a failure to validate a user-supplied path could cause directory traversal to load internal files ending with .pbf. Affected range per ENISA/Tenable/OSV/NVD entries centers on Kibana versions 7.9.0–7.15.1. Root cause: improper path validation allowi...
Elastic Stack Kibana 路径遍历漏洞
Elastic Stack Kibana is an application from Elastic Stack USA. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. Kibana has a security vulnerability that stems from not validating a user-supplied path that loads a .pbf fil...
Unfixed XSS vulnerability at www.pbfcomics.com
Security researcher mckt, has submitted on 24/06/2008 a cross-site-scripting XSS vulnerability affecting www.pbfcomics.com, which at the time of submission ranked 9853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It is currently...