27 matches found
Server side request forgery (ssrf)
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...
CVE-2016-10126
CVE-2016-10126 affects Splunk Enterprise and Splunk Web: multiple 5.0.x/6.x releases are vulnerable to remote HTTP request injection that can leak REST API authentication tokens via unspecified vectors (aka SPL-128840). Affected versions include 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x bef...
Atlassian Crucible Server 3.9.x < 3.9.2 Multiple Vulnerabilities
Binary data 9781.prm...
Splunk Enterprise Multiple Vulnerabilities (Nov 2016)
Splunk Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...
Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities
According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. ...
asterisk -- Mitigation for libcURL HTTP request injection vulnerability
The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its funccurl.so module the CURL dialplan function, as well as its resconfigcurl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...
CVE-2001-1089
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request...