Vulnerabilities > Splunk

DATE CVE VULNERABILITY TITLE RISK
2010-09-14 CVE-2010-3322 XXE vulnerability in Splunk
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
network
low complexity
splunk CWE-611
8.8
2010-06-28 CVE-2010-2504 Information Disclosure vulnerability in Splunk
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
network
splunk
6.0
2010-06-28 CVE-2010-2503 Cross-Site Scripting vulnerability in Splunk
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
network
splunk CWE-79
4.3
2010-06-28 CVE-2010-2502 Path Traversal vulnerability in Splunk
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.
network
splunk CWE-22
7.5
2010-06-24 CVE-2010-2429 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
network
splunk CWE-79
4.3