9 matches found
CVE-2025-20388
CVE-2025-20388 affects Splunk Enterprise and Splunk Cloud Platform. A user with a role that has the high-privilege capability change_authentication could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. Affected v...
CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...
CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...
Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net
ElasticSearch is based on Lucene search server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache license under the terms of the open source release, is the current popular...
Elasticsearch Arbitrary Code Execution Vulnerability
Elasticsearch is a set of open source distributed RESTful search engine built on Lucene , it is mainly used in cloud computing , and supports data indexing via HTTP using JSON . A security vulnerability exists in Elasticsearch that allows a remote attacker to submit a special request to execute...
YaCy - The Peer to Peer Search Engine
YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is...
Soulseek 157 NS Code Execution
============================================= - Release date: May 24th, 2009 - Discovered by: Laurent Gaffié - Severity: critical ============================================= I. VULNERABILITY ------------------------- Soulseek 157 NS & 156. Remote Distributed Search Code Execution II. BACKGROUND...
Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution
============================================= - Release date: May 24th, 2009 - Discovered by: Laurent Gaffié - Severity: critical ============================================= I. VULNERABILITY ------------------------- Soulseek 157 NS & 156. Remote Distributed Search Code Execution II. BACKGROUN...
Replace the small bamboo of the NBSI2: the Opendatasource And Openrowset-vulnerability warning-the black bar safety net
Currently on the market of SQL Injection tools a lot, the most respected is the NBSI2. SQL Injection method on the Internet is everywhere, everyone serious to learn it will soon become the script of the invasion“master”it. But whether it is tools, or numerous methods, to guess the SQL data when t...