Vulnerabilities (CVE)

Filtered by CWE-601
Total 977 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000013 1 Phpmyadmin 1 Phpmyadmin 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CVE-2017-1398 1 Ibm 1 Websphere Commerce 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
CVE-2016-8949 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2024-02-04 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
CVE-2015-3880 1 Phpbb 1 Phpbb 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2017-9296 1 Hitachi 1 Device Manager 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVE-2017-8047 2 Cloudfoundry, Pivotal 2 Cf-release, Routing-release 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.
CVE-2017-3126 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
CVE-2015-3190 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
CVE-2017-11879 1 Microsoft 1 Asp.net Core 2024-02-04 4.3 MEDIUM 8.8 HIGH
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2017-1000434 1 Furikake Project 1 Furikake 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
CVE-2017-11586 1 Finecms 1 Finecms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CVE-2017-14358 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
CVE-2015-5608 1 Joomla 1 Joomla\! 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2017-1000484 1 Plone 1 Plone 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)
CVE-2017-9297 1 Hitachi 1 Device Manager 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVE-2015-2750 2 Debian, Drupal 2 Debian Linux, Drupal 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
CVE-2017-1000163 1 Phoenixframework 1 Phoenix 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
CVE-2017-11718 1 Metinfo Project 1 Metinfo 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
CVE-2015-5054 1 Ellucian 1 Banner Student 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
CVE-2017-5002 1 Emc 1 Rsa Archer Egrc 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.