Total
922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1195 | 1 Ibm | 1 Curam Social Program Management | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | |||||
CVE-2017-1000434 | 1 Furikake Project | 1 Furikake | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect'])); | |||||
CVE-2017-1000013 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | |||||
CVE-2015-2749 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
CVE-2015-2750 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | |||||
CVE-2017-1000070 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | |||||
CVE-2017-8621 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | |||||
CVE-2017-1002150 | 1 Fedoraproject | 1 Python-fedora | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | |||||
CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2017-16569 | 1 Zurmo | 1 Zurmo Crm | 2023-12-10 | 4.9 MEDIUM | 4.8 MEDIUM |
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||||
CVE-2017-1223 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | |||||
CVE-2017-1000484 | 1 Plone | 1 Plone | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.) | |||||
CVE-2017-1000163 | 1 Phoenixframework | 1 Phoenix | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. | |||||
CVE-2017-12138 | 1 Xoops | 1 Xoops | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | |||||
CVE-2016-8947 | 1 Ibm | 1 Emptoris Sourcing | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834 | |||||
CVE-2016-8953 | 1 Ibm | 1 Emptoris Sourcing | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. | |||||
CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | |||||
CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | |||||
CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | |||||
CVE-2017-14525 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. |