Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
initial redirect vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-0813
Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow malicious users to cause a denial of service and execute arbitrary code via unknown vectors.
Initial Redirect Initial Redirect Squid Proxy Plug-in 0.1
Initial Redirect Initial Redirect Squid Proxy Plug-in 0.2
5.8
CVSSv2
CVE-2018-15178
Open redirect vulnerability in Gogs prior to 0.12 allows remote malicious users to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go...
Gogs Gogs
5.8
CVSSv2
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
NA
CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will for...
5.8
CVSSv2
CVE-2015-3644
Stunnel 5.00 up to and including 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote malicious users to bypass authentication.
Stunnel Stunnel 5.03
Stunnel Stunnel 5.04
Stunnel Stunnel 5.05
Stunnel Stunnel 5.12
Stunnel Stunnel 5.13
Stunnel Stunnel 5.00
Stunnel Stunnel 5.08
Stunnel Stunnel 5.09
Stunnel Stunnel 5.01
Stunnel Stunnel 5.02
Stunnel Stunnel 5.10
Stunnel Stunnel 5.11
Stunnel Stunnel 5.06
Stunnel Stunnel 5.07
5.8
CVSSv2
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an malicious user to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
Fortinet Fortios
Fortinet Fortios 6.2.0
Fortinet Fortios 6.2.1
4.3
CVSSv2
CVE-2017-7620
MantisBT prior to 1.3.11, 2.x prior to 2.3.3, and 2.4.x prior to 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary P...
Mantisbt Mantisbt 2.4.0
Mantisbt Mantisbt 2.0.1
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt 2.1.0
Mantisbt Mantisbt
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.2.0
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 2.2.4
1 EDB exploit
5.8
CVSSv2
CVE-2015-7943
Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.41, the jQuery Update module 7.x-2.x prior to 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x prior to 7.x-1.8 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing a...
Labjs Project Labjs 7.x-1.0
Jquery Update Project Jquery Update 7.x-2.3
Jquery Update Project Jquery Update 7.x-2.4
Jquery Update Project Jquery Update 7.x-2.5
Jquery Update Project Jquery Update 7.x-2.6
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.31
Labjs Project Labjs 7.x-1.2
Labjs Project Labjs 7.x-1.7
Jquery Update Project Jquery Update 7.x-2.1
Drupal Drupal 7.2
Drupal Drupal 7.4
Drupal Drupal 7.11
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.22
Drupal Drupal 7.27
5
CVSSv2
CVE-2022-31042
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w...
Guzzlephp Guzzle
Drupal Drupal
Drupal Drupal 9.4.0
Debian Debian Linux 11.0
4
CVSSv2
CVE-2017-6922
In Drupal core 8.x before 8.3.4 and Drupal core 7.x before 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »