Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Splunk 目录遍历漏洞
Vulnerability Description
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析机器产生的数据,包括所有IT系统和基础结构(物理、虚拟和云)生成的数据。 Splunk 5.0.4及之前版本的collect脚本中存在目录遍历漏洞。远程攻击者可通过‘file’参数中目录遍历字符‘..’利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A