open redirect vulnerabilities and exploits
5.8
CVSSv2
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
5.8
CVSSv2
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote malicious users to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the malicious user to compromise the user's confidentiality and integrity.
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
3.5
CVSSv2
CVE-2021-34763
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow a malicious user to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the De...
Cisco Firepower Management Center Virtual Appliance 6.1.0
Cisco Firepower Management Center Virtual Appliance 6.2.0
Cisco Firepower Management Center Virtual Appliance 6.2.3
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
Cisco Firepower Threat Defense
Cisco Firepower Management Center Virtual Appliance 6.3.0
Cisco Sourcefire Defense Center 6.1.0
Cisco Sourcefire Defense Center 6.2.0
Cisco Sourcefire Defense Center 6.2.3
Cisco Sourcefire Defense Center 6.3.0
Cisco Sourcefire Defense Center 7.1.0
Cisco Firepower Management Center Virtual Appliance 7.1.0
Cisco Sourcefire Defense Center 6.6.1
Cisco Sourcefire Defense Center 6.7.0
Cisco Sourcefire Defense Center 7.0.0
Cisco Firepower Management Center Virtual Appliance 6.4.0
Cisco Firepower Management Center Virtual Appliance 6.5.0
Cisco Firepower Management Center Virtual Appliance 6.6.0
Cisco Firepower Management Center Virtual Appliance 6.6.1
Cisco Firepower Management Center Virtual Appliance 6.7.0
5
CVSSv2
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal prior to 6.5.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
5.8
CVSSv2
CVE-2021-34764
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow a malicious user to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the De...
Cisco Firepower Management Center Virtual Appliance 6.1.0
Cisco Firepower Management Center Virtual Appliance 6.2.0
Cisco Firepower Management Center Virtual Appliance 6.2.3
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
Cisco Firepower Threat Defense
Cisco Firepower Management Center Virtual Appliance 6.3.0
Cisco Sourcefire Defense Center 6.1.0
Cisco Sourcefire Defense Center 6.2.0
Cisco Sourcefire Defense Center 6.2.3
Cisco Sourcefire Defense Center 6.3.0
Cisco Sourcefire Defense Center 7.1.0
Cisco Firepower Management Center Virtual Appliance 7.1.0
Cisco Sourcefire Defense Center 6.6.1
Cisco Sourcefire Defense Center 6.7.0
Cisco Sourcefire Defense Center 7.0.0
Cisco Firepower Management Center Virtual Appliance 6.4.0
Cisco Firepower Management Center Virtual Appliance 6.5.0
Cisco Firepower Management Center Virtual Appliance 6.6.0
Cisco Firepower Management Center Virtual Appliance 6.6.1
Cisco Firepower Management Center Virtual Appliance 6.7.0
5.8
CVSSv2
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
5.8
CVSSv2
CVE-2020-11882
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is no...
Telefonica O2 Business 1.2.0
5.8
CVSSv2
CVE-2019-12783
An issue exists in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by malicious users to "crowdsource" bruteforce login att...
Verint Impact 360 15.1
5.8
CVSSv2
CVE-2012-1023
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
4homepages 4images 1.7.10
1 EDB exploit
3.5
CVSSv2
CVE-2021-22871
Revive Adserver prior to 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulne...
Revive-adserver Revive Adserver