Total
966 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10368 | 1 Opsview | 1 Opsview | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. | |||||
CVE-2016-8376 | 1 Kabona Ab | 1 Webdatorcentral | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. | |||||
CVE-2016-4075 | 1 Opera | 2 Opera Browser, Opera Mini | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | |||||
CVE-2017-1159 | 1 Ibm | 1 Business Process Manager | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. | |||||
CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | |||||
CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||||
CVE-2017-1156 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 | |||||
CVE-2016-10315 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. | |||||
CVE-2017-5571 | 1 Flexerasoftware | 1 Flexnet Publisher | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-6636 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | |||||
CVE-2016-3040 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-5878 | 1 Ibm | 1 Filenet Workplace | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2024-02-04 | 5.8 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-1000001 | 1 Flask-oidc Project | 1 Flask-oidc | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||||
CVE-2015-5354 | 1 Novius-os | 1 Novius Os | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. | |||||
CVE-2015-0697 | 1 Cisco | 1 Telepresence Tc Software | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | |||||
CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2024-02-04 | 5.8 MEDIUM | N/A |
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. |