Total
977 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000013 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | |||||
CVE-2017-1398 | 1 Ibm | 1 Websphere Commerce | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. | |||||
CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836. | |||||
CVE-2015-3880 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2017-9296 | 1 Hitachi | 1 Device Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | |||||
CVE-2017-8047 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Routing-release | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
CVE-2015-3190 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | |||||
CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2024-02-04 | 4.3 MEDIUM | 8.8 HIGH |
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |||||
CVE-2017-1000434 | 1 Furikake Project | 1 Furikake | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect'])); | |||||
CVE-2017-11586 | 1 Finecms | 1 Finecms | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | |||||
CVE-2015-5608 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | |||||
CVE-2017-1000484 | 1 Plone | 1 Plone | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.) | |||||
CVE-2017-9297 | 1 Hitachi | 1 Device Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | |||||
CVE-2015-2750 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | |||||
CVE-2017-1000163 | 1 Phoenixframework | 1 Phoenix | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. | |||||
CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||||
CVE-2015-5054 | 1 Ellucian | 1 Banner Student | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
CVE-2017-5002 | 1 Emc | 1 Rsa Archer Egrc | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. |