Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | |||||
CVE-2017-14524 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
CVE-2017-5002 | 1 Emc | 1 Rsa Archer Egrc | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. | |||||
CVE-2017-1448 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173. | |||||
CVE-2017-16679 | 1 Sap | 1 Sap Kernel | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | |||||
CVE-2017-8451 | 1 Elastic | 1 Kibana | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
CVE-2017-12344 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
CVE-2017-2217 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2017-1000117 | 1 Git-scm | 1 Git | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. | |||||
CVE-2017-1000013 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | |||||
CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | |||||
CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2024-02-28 | 4.3 MEDIUM | 8.8 HIGH |
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |||||
CVE-2017-1000070 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | |||||
CVE-2016-7831 | 1 Fenrir-inc | 1 Sleipnir | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | |||||
CVE-2017-8621 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | |||||
CVE-2017-11482 | 1 Elastic | 1 Kibana | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
CVE-2016-8953 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. | |||||
CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |||||
CVE-2017-8047 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Routing-release | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
CVE-2017-1000434 | 1 Furikake Project | 1 Furikake | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect'])); |