102 matches found
EUVD-2020-28153
Malware in sbrugna...
EUVD-2019-17151
Malware in sbrugna...
BIT-KIBANA-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...
BIT-ELK-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...
Metasploit Weekly Wrap-Up
Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...
Kibana Timelion Prototype Pollution Remote Code Execution Exploit
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...
Kibana Timelion Prototype Pollution Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Timelion Prototype Pollution RCE', 'Description' = %q Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in...
K54184111: Kibana vulnerability CVE-2019-7609
Security Advisory Description Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker...
SUSE CVE-2017-11479
Kibana versions prior to 5.6.1 had a cross-site scripting XSS vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
SUSE CVE-2019-7609
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...
SUSE CVE-2019-7616
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery SSRF flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an...
SUSE CVE-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...
Kibana 5.0.0 < 5.6.1 Cross-Site Scripting
According to its self-reported version number, the Kibana application running on the remote host is 5.0.0 prior to 5.6.1. It is, therefore, affected by the following vulnerabilities: - A cross-site scripting XSS in Timelion that could allow an attacker to obtain sensitive information from or...
Kibana Arbitrary Code Execution
Kibana contain an arbitrary code execution flaw in the Timelion visualizer...
Exploit for Code Injection in Elastic Kibana
CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain...
VulnCheck KEV: CVE-2019-7609
Kibana contain an arbitrary code execution flaw in the Timelion visualizer...
CVE-2020-7016
A flaw was found in kibana’s Timelion component. This flaw allows an attacker to construct a URL that can lead to the kibana process consuming large amounts of CPU and becoming unresponsive when viewed by a kibana user. The highest threat from this vulnerability is to system availability...
Denial Of Service (DoS)
kibana is vulnerable to denial of service DoS. The vulnerability exists as the timelion labels could be used to cause slowdowns when parsed through the RegExp object...
CVE-2020-7016
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...