Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-7079

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2013 | 23:00
Updated At-06 Aug, 2024 | 17:53
Rejected At-
Credits

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2013 | 23:00
Updated At:06 Aug, 2024 | 17:53
Rejected At:
▼CVE Numbering Authority (CNA)

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://seclists.org/oss-sec/2013/q4/473
mailing-list
x_refsource_MLIST
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/64252
vdb-entry
x_refsource_BID
http://www.debian.org/security/2014/dsa-2834
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://seclists.org/oss-sec/2013/q4/473
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/64252
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2014/dsa-2834
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://seclists.org/oss-sec/2013/q4/473
mailing-list
x_refsource_MLIST
x_transferred
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/64252
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2014/dsa-2834
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://seclists.org/oss-sec/2013/q4/473
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/64252
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2834
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2013 | 23:55
Updated At:11 Apr, 2025 | 00:51

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches

TYPO3 Association
typo3
>>typo3>>4.5.0
cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.1
cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.2
cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.3
cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.4
cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.5
cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.6
cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.7
cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.8
cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.9
cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.10
cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.11
cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.12
cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.13
cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.14
cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.15
cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.16
cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.17
cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.18
cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.19
cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.20
cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.21
cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.22
cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.23
cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.24
cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.25
cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.26
cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.27
cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.28
cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.29
cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.30
cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.5.31
cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1
cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.1
cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.2
cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.3
cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.4
cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.5
cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.1.6
cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.0
cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.1
cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.2
cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.3
cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.4
cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.5
cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.6
cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.7
cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.8
cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.9
cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>4.7.10
cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://seclists.org/oss-sec/2013/q4/473cve@mitre.org
N/A
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2014/dsa-2834cve@mitre.org
N/A
http://www.securityfocus.com/bid/64252cve@mitre.org
N/A
http://seclists.org/oss-sec/2013/q4/473af854a3a-2127-422b-91ae-364da2661108
N/A
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2014/dsa-2834af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/64252af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://seclists.org/oss-sec/2013/q4/473
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2834
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/64252
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2013/q4/473
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2834
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/64252
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

234Records found

CVE-2012-4671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 48.06%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Action-Not Available
Vendor-psycedn/a
Product-psycedn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 48.06%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Action-Not Available
Vendor-n/aApple Inc.
Product-ichat_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.16% / 37.37%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-paypaln/a
Product-merchant_sdkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-brian_burtonoscommercen/a
Product-oscommercepaypal_pro_payflow_modulen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.49% / 64.68%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-axis2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-paypaloscommercen/a
Product-paypal_prooscommercen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain "true" value.

Action-Not Available
Vendor-amazonn/a
Product-flexible_payments_servicen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager.

Action-Not Available
Vendor-amazonn/a
Product-elastic_load_balancingn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4918
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-5.8||MEDIUM
EPSS-0.20% / 42.57%
||
7 Day CHG~0.00%
Published-22 Jan, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack.

Action-Not Available
Vendor-activisionn/a
Product-call_of_duty_eliten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.13% / 77.43%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-paypaln/aThe Apache Software Foundation
Product-activemqpayments_protransactional_information_soapaxismass_payn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4489
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.52% / 65.68%
||
7 Day CHG~0.00%
Published-31 Oct, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.

Action-Not Available
Vendor-mark_burdettn/aThe Drupal Association
Product-drupalsecureloginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3689
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-25 Jul, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3525
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-2.93% / 85.87%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

Action-Not Available
Vendor-jabber2jabberd2n/a
Product-jabberd2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3314
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.18% / 40.26%
||
7 Day CHG~0.00%
Published-02 Oct, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_federated_identity_manager_business_gatewaytivoli_federated_identity_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3691
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 45.41%
||
7 Day CHG~0.00%
Published-25 Jul, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6412
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 67.75%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6411
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.78% / 72.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6425
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 12:35
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedorabackportsChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3540
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Action-Not Available
Vendor-n/aOpenStack
Product-horizonn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3954
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 64.90%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:17
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_log_insightVMware vRealize Log Insight
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2159
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.35% / 56.72%
||
7 Day CHG~0.00%
Published-20 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_appscan_sourcespss_data_collectionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3003
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.8||MEDIUM
EPSS-0.33% / 55.01%
||
7 Day CHG~0.00%
Published-08 Jun, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

Action-Not Available
Vendor-n/aSiemens AG
Product-winccn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.45% / 62.68%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 17:19
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.

Action-Not Available
Vendor-cross_domain_local_storage_projectn/a
Product-cross_domain_local_storagen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2270
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-23.05% / 95.70%
||
7 Day CHG~0.00%
Published-20 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloudowncloud_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5647
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshift_originopenshiftn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-26.64% / 96.15%
||
7 Day CHG~0.00%
Published-08 Oct, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

Action-Not Available
Vendor-tikin/a
Product-tikiwiki_cms\/groupwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-17.38% / 94.80%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.

Action-Not Available
Vendor-websitepaneln/a
Product-websitepaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1326
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 13:16
Updated-15 Nov, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ironport_web_security_applianceIronPort Web Security Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-4.46% / 88.65%
||
7 Day CHG~0.00%
Published-08 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

Action-Not Available
Vendor-4homepagesn/a
Product-4imagesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-6696
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-15 Mar, 2020 | 22:03
Updated-25 Oct, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortinet FortiOS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.49% / 64.63%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1589
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-18 May, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1954
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:30
Updated-21 Nov, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Meetings Server Open Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetings_serverCisco WebEx Meetings Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-services_twitter_groupn/a
Product-services_twittern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-magentocommercen/a
Product-magenton/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-26.96% / 96.18%
||
7 Day CHG~0.00%
Published-12 Jan, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

Action-Not Available
Vendor-orchardprojectn/a
Product-orchardn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0703
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-31 Jan, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_information_serverinfosphere_information_server_information_services_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4968
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.62% / 69.12%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 15:18
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

Action-Not Available
Vendor-nginxDebian GNU/LinuxF5, Inc.
Product-nginxdebian_linuxnginx
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-abraham_williamsn/a
Product-twitteroauthn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-themattharrisn/a
Product-tmhoauthn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0741
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.14% / 34.57%
||
7 Day CHG~0.00%
Published-28 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_appscanrational_policy_testern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-civicrmn/a
Product-civicrmn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15974
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-managed_services_acceleratorCisco Managed Services Accelerator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0128
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.67% / 70.44%
||
7 Day CHG~0.00%
Published-04 Apr, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-onboard_administratorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.13% / 33.87%
||
7 Day CHG~0.00%
Published-06 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-monerisn/a
Product-eselect_plusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0052
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.30% / 52.64%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-5251
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-31 Dec, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.

Action-Not Available
Vendor-vbulletinn/a
Product-vbulletinn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0146
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-25.13% / 95.97%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0865
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-7.95% / 91.69%
||
7 Day CHG~0.00%
Published-21 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Action-Not Available
Vendor-cubecartn/a
Product-cubecartn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0051
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-1.35% / 79.35%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 17:23
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

Action-Not Available
Vendor-tahoe-lafstahoe-lafsDebian GNU/Linux
Product-tahoe-lafsdebian_linuxtahoe-lafs
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found