Total
943 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3880 | 1 Phpbb | 1 Phpbb | 2017-09-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-5608 | 1 Joomla | 1 Joomla\! | 2017-09-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | |||||
| CVE-2015-2749 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2017-09-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2015-2750 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2017-09-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | |||||
| CVE-2017-1489 | 1 Ibm | 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more | 2017-09-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | |||||
| CVE-2017-1449 | 1 Ibm | 1 Emptoris Sourcing | 2017-09-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. | |||||
| CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2017-09-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | |||||
| CVE-2017-1195 | 1 Ibm | 1 Curam Social Program Management | 2017-09-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | |||||
| CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | |||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2017-09-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
| CVE-2017-1448 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2017-08-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173. | |||||
| CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2017-08-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836. | |||||
| CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2017-08-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||||
| CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2017-08-09 | 5.8 MEDIUM | 5.4 MEDIUM |
| The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||||
| CVE-2017-12138 | 1 Xoops | 1 Xoops | 2017-08-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | |||||
| CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2017-07-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2017-11586 | 1 Finecms | 1 Finecms | 2017-07-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
| CVE-2016-8947 | 1 Ibm | 1 Emptoris Sourcing | 2017-07-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834 | |||||
| CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2017-07-26 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | |||||
| CVE-2017-1223 | 1 Ibm | 1 Bigfix Platform | 2017-07-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | |||||