Search results mapped to CWE-601 (81)

CVE-2018-8813 (Published: 2018-04-04 11:29:00) NMP
CVSS 4.9

[Original text] Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

CVE-2017-7153 (Published: 2018-04-03 02:29:02) NMP
CVSS 5.8

[Original text] An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.

CVE-2018-3819 (Published: 2018-03-30 16:29:00) NM
CVSS 5.8

[Original text] The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

CVE-2018-7674 (Published: 2018-03-28 10:29:00) NM
CVSS 5.8

[Original text] The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.

CVE-2018-8937 (Published: 2018-03-26 13:29:00) NM
CVSS 5.8

[Original text] An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.

CVE-2018-1220 (Published: 2018-03-08 10:29:00) NM
CVSS 5.8

[Original text] EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.
