Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-2578
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk prior to 5.0.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 5.0.4
Splunk Splunk 5.0.1
Splunk Splunk 5.0
Splunk Splunk 5.0.5
Splunk Splunk 5.0.2
Splunk Splunk 5.0.3
Splunk Splunk
Splunk Splunk 5.0.6
4.3
CVSSv2
CVE-2015-7604
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x prior to 6.2.6 and Splunk Light 6.2.x prior to 6.2.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.2.3
Splunk Splunk 6.2.1
Splunk Splunk 6.2.0
Splunk Splunk 6.2.2
Splunk Splunk 6.2.4
Splunk Splunk 6.2.5
4.3
CVSSv2
CVE-2013-2766
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 up to and including 4.3.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 4.3.1
Splunk Splunk 4.3
Splunk Splunk 4.3.4
Splunk Splunk 4.3.3
Splunk Splunk 4.3.2
Splunk Splunk 4.3.5
9
CVSSv2
CVE-2013-7394
The "runshellscript echo.sh" script in Splunk prior to 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
Splunk Splunk 5.0.1
Splunk Splunk 5.0
Splunk Splunk 5.0.2
Splunk Splunk
Splunk Splunk 5.0.3
9.3
CVSSv2
CVE-2013-6771
Directory traversal vulnerability in the collect script in Splunk prior to 5.0.5 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for th...
Splunk Splunk 5.0.1
Splunk Splunk 5.0
Splunk Splunk 5.0.2
Splunk Splunk
Splunk Splunk 5.0.3
3.5
CVSSv2
CVE-2016-4856
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x before 6.3.5 and Splunk Light 6.3.x before 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.3.0
Splunk Splunk 6.3.4
Splunk Splunk 6.3.3
Splunk Splunk 6.3.1
Splunk Splunk 6.3.2
4.6
CVSSv2
CVE-2011-4642
mappy.py in Splunk Web in Splunk 4.2.x prior to 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as d...
Splunk Splunk 4.2.3
Splunk Splunk 4.2.2
Splunk Splunk 4.2
Splunk Splunk 4.2.4
Splunk Splunk 4.2.1
1 EDB exploit
3 Github repositories
4.3
CVSSv2
CVE-2011-4778
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x prior to 4.2.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
Splunk Splunk 4.2.3
Splunk Splunk 4.2.2
Splunk Splunk 4.2
Splunk Splunk 4.2.4
Splunk Splunk 4.2.1
3.5
CVSSv2
CVE-2014-3147
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise prior to 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
Splunk Splunk 6.0.2
Splunk Splunk
Splunk Splunk 6.0.0
Splunk Splunk 6.0.1
4.3
CVSSv2
CVE-2015-6514
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x prior to 6.2.4 and Splunk Light 6.2.x prior to 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.2.3
Splunk Splunk 6.2.1
Splunk Splunk 6.2.0
Splunk Splunk 6.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »