133 matches found
EUVD-2024-36380
Malicious code in bioql PyPI...
EUVD-2022-46557
Malicious code in bioql PyPI...
EUVD-2023-27034
Malicious code in bioql PyPI...
EUVD-2023-27042
Malicious code in bioql PyPI...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2014-8301
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
CVE-2014-8302
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard...
CVE-2015-6515
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...
CVE-2014-5197
Directory traversal vulnerability in 1 Splunk Web or the 2 Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. dot dot in a URI, related to search ids...
CVE-2014-5198
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
CVE-2015-7604
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8303
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing...
The vulnerability in the Splunk Web platform for operational analysis of Splunk Enterprise’s web interface allows attackers to bypass security restrictions, increase their privileges, and execute arbitrary commands.
The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise relates to insufficient protection of sensitive data when processing the /services/streams/search endpoint with the q parameter. Exploiting this vulnerability allows an attacker to bypass security...
The vulnerability in the web interface of the Splunk Web platform for operational analysis in Splunk Enterprise allows a attacker to perform a CSRF attack.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise allows a attacker to perform a CSRF attack.
The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...
The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a file to the Windows system’s root directory...
CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...
PT-2024-7158 · Splunk · Splunk Cloud Platform +2
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.108 Splunk Cloud Platform versions prior to 9.1.2312.204 Descriptio...
The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting...