Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2578
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk prior to 5.0.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 5.0.4
Splunk Splunk 5.0.5
Splunk Splunk 5.0.6
Splunk Splunk
Splunk Splunk 5.0.2
Splunk Splunk 5.0.3
Splunk Splunk 5.0
Splunk Splunk 5.0.1
NA
CVE-2013-2766
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 up to and including 4.3.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 4.3.3
Splunk Splunk 4.3.2
Splunk Splunk 4.3.5
Splunk Splunk 4.3.4
Splunk Splunk 4.3.1
Splunk Splunk 4.3
NA
CVE-2015-7604
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x prior to 6.2.6 and Splunk Light 6.2.x prior to 6.2.6 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.2.0
Splunk Splunk 6.2.1
Splunk Splunk 6.2.2
Splunk Splunk 6.2.3
Splunk Splunk 6.2.4
Splunk Splunk 6.2.5
NA
CVE-2013-7394
The "runshellscript echo.sh" script in Splunk prior to 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
Splunk Splunk
Splunk Splunk 5.0.2
Splunk Splunk 5.0.1
Splunk Splunk 5.0
Splunk Splunk 5.0.3
NA
CVE-2013-6771
Directory traversal vulnerability in the collect script in Splunk prior to 5.0.5 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for th...
Splunk Splunk
Splunk Splunk 5.0.3
Splunk Splunk 5.0.2
Splunk Splunk 5.0.1
Splunk Splunk 5.0
NA
CVE-2011-4778
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x prior to 4.2.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614.
Splunk Splunk 4.2.2
Splunk Splunk 4.2.3
Splunk Splunk 4.2
Splunk Splunk 4.2.1
Splunk Splunk 4.2.4
NA
CVE-2011-4642
mappy.py in Splunk Web in Splunk 4.2.x prior to 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as d...
Splunk Splunk 4.2.4
Splunk Splunk 4.2.2
Splunk Splunk 4.2.3
Splunk Splunk 4.2
Splunk Splunk 4.2.1
1 EDB exploit
3 Github repositories
4.8
CVSSv3
CVE-2016-4856
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x before 6.3.5 and Splunk Light 6.3.x before 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.3.4
Splunk Splunk 6.3.3
Splunk Splunk 6.3.2
Splunk Splunk 6.3.1
Splunk Splunk 6.3.0
NA
CVE-2014-3147
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise prior to 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
Splunk Splunk 6.0.1
Splunk Splunk
Splunk Splunk 6.0.0
Splunk Splunk 6.0.2
NA
CVE-2015-6514
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x prior to 6.2.4 and Splunk Light 6.2.x prior to 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 6.2.1
Splunk Splunk 6.2.2
Splunk Splunk 6.2.3
Splunk Splunk 6.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »