CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2016-4859
https://notcve.org/view.php?id=CVE-2016-4859
12 May 2017 — Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.3, Splunk... • http://www.securityfocus.com/bid/92603 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 3.5EPSS: 9%CPEs: 8EXPL: 5CVE-2017-5607 – Splunk Enterprise - Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5607
01 Apr 2017 — Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage. Splunk Enterprise 5.0.x en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.14, 6.1.x en versiones anteriore... • https://packetstorm.news/files/id/141875 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2017-5880
https://notcve.org/view.php?id=CVE-2017-5880
04 Feb 2017 — Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. Splunk Web en Splunk Enterprise versiones 6.5.x en versiones anteriores a 6.5.2, 6.4.x en versiones anteriores a 6.4.5, 6.3.x en versiones anteriores a 6.3.9, 6.2.x en ... • http://www.splunk.com/view/SP-CAAAPW8 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 66EXPL: 0CVE-2016-10126
https://notcve.org/view.php?id=CVE-2016-10126
10 Jan 2017 — Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. Splunk Web en Splunk Enterprise 5.0.x en versiones anteriores a 5.0.17, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.12, 6.2.x en versiones anteriores a... • http://www.securityfocus.com/bid/95412 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2015-6515
https://notcve.org/view.php?id=CVE-2015-6515
18 Aug 2015 — Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 6.2.x en versiones anteriores a 6.2.4, 6.1.x en versiones anteriores a 6.1.8, 6.0.x en versiones anteriores a 6.0.9 y 5.0.x en versiones anteriores a 5.0.13 y Splunk Light 6.2.x en v... • http://www.securitytracker.com/id/1032859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2014-5466
https://notcve.org/view.php?id=CVE-2014-5466
16 Dec 2014 — Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Dashboard en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.4, 6.0.x anterior a 6.0.7, y 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.splunk.com/view/SP-CAAANST • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3CVE-2014-8380 – Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8380
21 Oct 2014 — Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. Vulnerabilidad de XSS en Splunk 6.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer en una respuesta '404 Not Found'. NOTA: esta vulnerabilidad puede existir debido a una regresión de... • https://packetstorm.news/files/id/140395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8302
https://notcve.org/view.php?id=CVE-2014-8302
16 Oct 2014 — Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard. Vulnerabilidad de XSS en Splunk Web en Splunk Enterpirse 6.1.x anterior a 6.1.x anterior a 6.1.4, 6.0.x anterior a 6.0.6, y 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con dashbo... • http://www.securitytracker.com/id/1030994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8303
https://notcve.org/view.php?id=CVE-2014-8303
16 Oct 2014 — Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. Vulnerabilida de XSS en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.4 anterior a 6.0.x anterior a 6.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con el análisis del evento. • http://www.securitytracker.com/id/1030994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5197
https://notcve.org/view.php?id=CVE-2014-5197
12 Aug 2014 — Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids. Vulnerabilidad de salto de directorio en (1) Splunk Web o (2) Splunkd HTTP Server en Splunk Enterprise 6.1.x anterior a 6.1.3 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en una URI, relacionado con 'search ids'. • http://secunia.com/advisories/59940 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •