Lucene search
K

10 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/03/08 5:0 p.m.91 views

Metasploit Wrap-Up 03/08/2024

New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...

7.5CVSS6AI score0.99753EPSS
Exploits27
GithubExploit
GithubExploit
added 2023/11/14 4:6 a.m.968 views

Exploit for Improper Authorization in Splunk

CVE-2023-32707 An improved POC exploit based on the reported C...

8.8CVSS8.8AI score0.73537EPSS
Exploits7
Metasploit
Metasploit
added 2023/10/26 7:50 p.m.351 views

Splunk "edit_user" Capability Privilege Escalation

A low-privileged user who holds a role that has the "edituser" capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the "edituser" capability does not honor the "grantableRoles" setting in the authorize.con...

8.8CVSS8.8AI score0.73537EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.519 views

Splunk 9.0.5 - admin account take over

!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...

8.8CVSS7AI score0.73537EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/09/11 12:0 a.m.273 views

Splunk Enterprise Account Takeover

https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md !/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edituser capability...

8.8CVSS7.1AI score0.73537EPSS
Exploits7
0day.today
0day.today
added 2023/09/11 12:0 a.m.397 views

Splunk Enterprise Account Takeover Exploit

Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edituser capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests...

8.8CVSS7AI score0.73537EPSS
Exploits7
OSV
OSV
added 2023/06/01 5:15 p.m.3 views

CVE-2023-32707

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edituser’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted w...

8.8CVSS7.3AI score0.73537EPSS
Exploits7References2
Vulnrichment
Vulnrichment
added 2023/06/01 4:34 p.m.10 views

CVE-2023-32707 ‘edit_user’ Capability Privilege Escalation

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edituser’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted w...

8.8CVSS8.7AI score0.73537EPSS
Exploits7References2
Cvelist
Cvelist
added 2023/06/01 4:34 p.m.43 views

CVE-2023-32707 ‘edit_user’ Capability Privilege Escalation

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edituser’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted w...

8.8CVSS8.9AI score0.73537EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2023/06/01 12:0 a.m.50 views

Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0602)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0602 advisory. - In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a...

8.8CVSS7.9AI score0.73537EPSS
Exploits7References2
Rows per page
Query Builder