Total: 922 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8451 | 1 Elastic | 1 Kibana | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
CVE-2015-3880 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2017-16679 | 1 Sap | 1 Sap Kernel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | |||||
CVE-2017-9464 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated. | |||||
CVE-2017-1489 | 1 Ibm | 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | |||||
CVE-2015-5054 | 1 Ellucian | 1 Banner Student | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
CVE-2015-3190 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | |||||
CVE-2017-14524 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836. | |||||
CVE-2017-1558 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | |||||
CVE-2015-7943 | 3 Drupal, Jquery Update Project, Labjs Project | 3 Drupal, Jquery Update, Labjs | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. | |||||
CVE-2017-3105 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||||
CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |||||
CVE-2017-14725 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | |||||
CVE-2017-5002 | 1 Emc | 1 Rsa Archer Egrc | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. | |||||
CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |||||
CVE-2017-1398 | 1 Ibm | 1 Websphere Commerce | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. | |||||
CVE-2017-1448 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173. | |||||
CVE-2017-1534 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. | |||||
CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2023-12-10 | 4.3 MEDIUM | 7.4 HIGH |
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. |