13 matches found
EUVD-2024-36380
Malicious code in bioql PyPI...
The vulnerability of the Splunk Web Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to influence the confidentiality and integrity of the protected information.
The vulnerability of the Splunk Web Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality and integrity of...
CVE-2024-36993
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36993
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
PT-2024-9890 · Splunk · Splunk Cloud Platform +2
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Description: The issue is related to insufficient access contr...
Splunk Cloud Platform and Splunk Enterprise Security Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze the data it generates, including data generated by all IT systems and infrastructure: physical, virtual machines and cloud. An Access...
PHP 2chBBS vulnerable to cross-site scripting
Overview PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing...
Wired Community Software WWWThreads 5.0 SQL Command Input Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/967/info WWWThreads is a web bulletin board program that uses an SQL backend. Due to incomplete input validation, it is possible for an attacker to submit SQL commands through forms and manipulate the contents of the...
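YABB Remote File Disclosure Vulnerability
BugCVE: CVE-2000-0853 BUGTRAQ: 1668 YaBB.pl is a web-based bulletin board script. YaBB.pl stores bulletin board posts in numbered text files. The numbered file name is specified through the variable num=file when YaBB.pl is called. Before retrieving the file, YaBB appends a .txt suffix to file. Because of an input validation error in YaBB, a relative path can be specified in file. This includes ../-style paths. In addition, file does not have to be numeric, and the .txt suffix can be avoided by appending %00 to file. By combining these flaws in a single request, a malicious user can view any file the web server can access. 9.1.2000...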
Woltlab Burning Board XSS / SQL Injection Vulnerabilities
Binary data 2848.prm...
Wired Community Software WWWThreads 5.0 - SQL Command Input
Wired Community Software WWWThreads 5.0 - SQL Command Input source: https://www.securityfocus.com/bid/967/info WWWThreads is a web bulletin board program that uses an SQL backend. Due to incomplete input validation, it is possible for an attacker to submit SQL commands through forms and manipulat...