CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-601

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1020016 601 2019-07-29 2019-08-01
5.8
None Remote Medium Not required Partial Partial None
ASH-AIO before 2.0.0.3 allows an open redirect.
2 CVE-2019-1010290 601 2019-07-16 2019-07-19
5.8
None Remote Medium Not required Partial Partial None
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
3 CVE-2019-16393 601 2019-09-17 2019-09-25
5.8
None Remote Medium Not required Partial Partial None
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
4 CVE-2019-16220 601 2019-09-11 2019-09-12
5.8
None Remote Medium Not required Partial Partial None
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
5 CVE-2019-15820 601 2019-08-30 2019-09-04
5.8
None Remote Medium Not required Partial Partial None
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
6 CVE-2019-15818 601 2019-08-30 2019-09-05
5.8
None Remote Medium Not required Partial Partial None
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
7 CVE-2019-15776 601 2019-08-29 2019-09-04
5.8
None Remote Medium Not required Partial Partial None
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
8 CVE-2019-15775 601 2019-08-29 2019-09-03
5.8
None Remote Medium Not required Partial Partial None
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
9 CVE-2019-15774 601 2019-08-29 2019-09-03
5.8
None Remote Medium Not required Partial Partial None
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
10 CVE-2019-15773 601 2019-08-29 2019-09-04
5.8
None Remote Medium Not required Partial Partial None
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
11 CVE-2019-15772 601 2019-08-29 2019-09-04
5.8
None Remote Medium Not required Partial Partial None
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
12 CVE-2019-15771 601 2019-08-29 2019-09-04
5.8
None Remote Medium Not required Partial Partial None
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
13 CVE-2019-15041 601 2019-10-01 2019-10-08
5.8
None Remote Medium Not required Partial Partial None
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
14 CVE-2019-14912 601 2019-09-20 2019-09-23
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
15 CVE-2019-14403 601 2019-07-30 2019-07-30
4.3
None Remote Medium Not required None Partial None
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).
16 CVE-2019-14223 601 2019-09-06 2019-09-10
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
17 CVE-2019-13422 601 2019-08-23 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
18 CVE-2019-13175 601 2019-07-02 2019-07-03
5.8
None Remote Medium Not required Partial Partial None
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).
19 CVE-2019-13038 601 2019-06-29 2019-07-03
4.3
None Remote Medium Not required None Partial None
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
20 CVE-2019-11589 601 CSRF 2019-08-23 2019-08-30
5.8
None Remote Medium Not required Partial Partial None
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
21 CVE-2019-11585 601 2019-08-23 2019-08-27
5.8
None Remote Medium Not required Partial Partial None
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
22 CVE-2019-11269 601 2019-06-12 2019-06-17
5.8
None Remote Medium Not required Partial Partial None
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.
23 CVE-2019-11016 601 2019-04-08 2019-04-09
5.8
None Remote Medium Not required Partial Partial None
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
24 CVE-2019-10955 601 2019-04-25 2019-10-10
5.8
None Remote Medium Not required Partial Partial None
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user?s machine.
25 CVE-2019-10856 601 2019-04-04 2019-04-05
5.8
None Remote Medium Not required Partial Partial None
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
26 CVE-2019-10751 601 2019-08-23 2019-09-02
5.8
None Remote Medium Not required Partial Partial None
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
27 CVE-2019-10721 601 2019-07-03 2019-07-10
5.8
None Remote Medium Not required Partial Partial None
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
28 CVE-2019-10372 601 2019-08-07 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
29 CVE-2019-10255 601 2019-03-28 2019-04-11
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
30 CVE-2019-10133 601 2019-06-26 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
31 CVE-2019-10117 601 2019-05-16 2019-05-16
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
32 CVE-2019-10098 601 2019-09-25 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
33 CVE-2019-8995 601 2019-04-24 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
34 CVE-2019-8951 601 2019-05-13 2019-05-16
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056).
35 CVE-2019-7275 601 2019-07-01 2019-07-02
5.8
None Remote Medium Not required Partial Partial None
Optergy Proton/Enterprise devices allow Open Redirect.
36 CVE-2019-6741 601 Exec Code 2019-06-03 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476.
37 CVE-2019-6009 601 2019-09-12 2019-09-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
38 CVE-2019-6004 601 2019-09-12 2019-09-16
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
39 CVE-2019-5978 601 2019-09-12 2019-09-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
40 CVE-2019-5969 601 2019-07-05 2019-07-08
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
41 CVE-2019-5965 601 2019-07-05 2019-07-08
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
42 CVE-2019-5946 601 2019-05-17 2019-05-20
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
43 CVE-2019-5823 601 Bypass 2019-06-27 2019-07-25
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
44 CVE-2019-5433 601 2019-05-06 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
45 CVE-2019-4538 601 +Info 2019-10-02 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.
46 CVE-2019-4201 601 +Info 2019-06-05 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.
47 CVE-2019-4166 601 +Info 2019-04-30 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.
48 CVE-2019-4153 601 +Info 2019-06-25 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
49 CVE-2019-4092 601 +Info 2019-04-25 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.
50 CVE-2019-3912 601 2019-01-30 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
Total number of vulnerabilities : 265   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.