Search Results (12223 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12138 1 Xoops 1 Xoops 2025-04-20 N/A
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
CVE-2017-12135 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2025-04-20 N/A
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
CVE-2017-0886 1 Nextcloud 1 Nextcloud Server 2025-04-20 6.5 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
CVE-2017-11725 1 Thycotic 1 Secret Server 2025-04-20 N/A
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVE-2016-10158 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-20 N/A
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2016-8974 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 N/A
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.
CVE-2016-8953 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.
CVE-2016-8949 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2025-04-20 N/A
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
CVE-2016-8947 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834
CVE-2015-9058 1 Proxmox 1 Proxmox Mail Gateway 2025-04-20 N/A
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
CVE-2017-0857 1 Google 1 Android 2025-04-20 N/A
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.
CVE-2017-10910 1 Mqtt.js Project 1 Mqtt.js 2025-04-20 N/A
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
CVE-2015-7273 1 Dell 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware 2025-04-20 N/A
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
CVE-2016-9924 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
CVE-2017-2217 1 W3eden 1 Download Manager 2025-04-20 N/A
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2015-1854 3 Debian, Fedoraproject, Redhat 4 Debian Linux, 389 Directory Server, Fedora and 1 more 2025-04-20 N/A
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVE-2017-11718 1 Metinfo Project 1 Metinfo 2025-04-20 N/A
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
CVE-2017-11879 1 Microsoft 1 Asp.net Core 2025-04-20 N/A
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2017-12434 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.