Total
1169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1156 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | N/A |
| IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 | ||||
| CVE-2017-16761 | 1 Inedo | 1 Buildmaster | 2025-04-20 | N/A |
| An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | ||||
| CVE-2017-1159 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | N/A |
| IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. | ||||
| CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | N/A |
| There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | ||||
| CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2025-04-20 | N/A |
| The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | ||||
| CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2025-04-20 | N/A |
| ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | ||||
| CVE-2017-1195 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | N/A |
| IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | ||||
| CVE-2017-12138 | 1 Xoops | 1 Xoops | 2025-04-20 | N/A |
| XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | ||||
| CVE-2017-1223 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | ||||
| CVE-2017-12344 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | N/A |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | ||||
| CVE-2017-11482 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | ||||
| CVE-2017-1002150 | 1 Fedoraproject | 1 Python-fedora | 2025-04-20 | N/A |
| python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | ||||
| CVE-2017-14038 | 1 Crushftp | 1 Crushftp | 2025-04-20 | N/A |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | ||||
| CVE-2017-14358 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | N/A |
| A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | ||||
| CVE-2017-6018 | 1 Bbraun | 2 Spacestation, Station Firmware | 2025-04-20 | N/A |
| An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. | ||||
| CVE-2017-1448 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2025-04-20 | N/A |
| IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173. | ||||
| CVE-2017-1449 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | N/A |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. | ||||
| CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | N/A |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | ||||
| CVE-2017-2217 | 1 W3eden | 1 Download Manager | 2025-04-20 | N/A |
| Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2025-04-20 | N/A |
| A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | ||||