Shodan
Vulnerabilities
Vulnerable Software
Splunk:  >> Splunk  Security Vulnerabilities
CVE-2014-5197
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVSS Score
4.0
EPSS Score
0.006
Published
2014-08-12
CVE-2014-5198
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-08-12
CVE-2013-6771
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
CVSS Score
9.3
EPSS Score
0.041
Published
2014-08-07
CVE-2013-7394
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
CVSS Score
9.0
EPSS Score
0.008
Published
2014-08-07
CVE-2014-0160
Known exploited
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS Score
7.5
EPSS Score
0.944
Published
2014-04-07
CVE-2014-2578
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-04-02
CVE-2012-6447
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-01-23
CVE-2013-6870
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-11-25
CVE-2013-2766
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2013-04-10
CVE-2012-1908
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-08-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved