Total
924 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6324 | 1 F-secure | 1 Radar | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | |||||
CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | |||||
CVE-2016-9078 | 1 Mozilla | 1 Firefox | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1. | |||||
CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | |||||
CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | |||||
CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||||
CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||||
CVE-2017-8047 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Routing-release | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
CVE-2015-5608 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | |||||
CVE-2015-6961 | 1 Web2py | 1 Web2py | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. | |||||
CVE-2017-1000117 | 1 Git-scm | 1 Git | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. | |||||
CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
CVE-2017-1668 | 1 Ibm | 1 Security Key Lifecycle Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. | |||||
CVE-2017-11586 | 1 Finecms | 1 Finecms | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
CVE-2017-1000481 | 1 Plone | 1 Plone | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. | |||||
CVE-2017-9297 | 1 Hitachi | 1 Device Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | |||||
CVE-2017-2217 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2017-1449 | 1 Ibm | 1 Emptoris Sourcing | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. | |||||
CVE-2016-7831 | 1 Fenrir-inc | 1 Sleipnir | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. |