Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
|
|||||
| CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.
|
|||||
| CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
|
|||||
| CVE-2018-8813 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 4.9 MEDIUM | 4.8 MEDIUM |
|
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
|
|||||
| CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
|
|||||
| CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a ph ...
Show More |
|||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
|
|||||
| CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.8 MEDIUM | 2.1 LOW |
|
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
|
|||||
| CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.
|
|||||
| CVE-2018-7091 | 1 Hp | 1 Xp 9000 Command View | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.
|
|||||
| CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
|
|||||
| CVE-2018-6324 | 1 F-secure | 1 Radar | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
|
|||||
| CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
|
|||||
| CVE-2018-5548 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
|
|||||
| CVE-2018-5304 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions.
|
|||||
| CVE-2018-3819 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
|
|||||
| CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
|
|||||
| CVE-2018-3743 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.
|
|||||
| CVE-2018-2476 | 1 Sap | 1 Netweaver | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
|
|||||
| CVE-2018-25091 | 1 Python | 1 Urllib3 | 2024-11-21 | N/A | 6.1 MEDIUM |
|
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
|
|||||
| CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
|
|||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
|
|||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
|
|||||
| CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
|
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.
|
|||||
| CVE-2018-1875 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ...
Show More |
|||||
| CVE-2018-1736 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
|
|||||
| CVE-2018-1704 | 1 Ibm | 2 Platform Symphony, Spectrum Symphony | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
|
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against ...
Show More |
|||||
| CVE-2018-1654 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
|
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM ...
Show More |
|||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
|
|||||
| CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
|
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.
|
|||||
| CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains.
|
|||||
| CVE-2018-1220 | 1 Emc | 1 Rsa Archer | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.
|
|||||
| CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
|
|||||
| CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
|
|||||
| CVE-2018-19106 | 1 Avinetworks | 1 Avi Vantage | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.
|
|||||
| CVE-2018-18288 | 1 Crushftp | 1 Crushftp | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
|
|||||
| CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
|
|||||
| CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.
|
|||||
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
|
|||||
| CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.
|
|||||