Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3417 | 1 Cisco | 1 Video Surveillance Operations Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
| The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. | |||||
| CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | |||||
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | |||||
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | |||||
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2024-11-21 | 10.0 HIGH | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-3215 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | |||||
| CVE-2013-3096 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | |||||
| CVE-2013-3092 | 1 Belkin | 2 N300, N300 Firmware | 2024-11-21 | 8.3 HIGH | N/A |
| The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | |||||
| CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | |||||
| CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||||
| CVE-2013-3085 | 1 Belkin | 2 F5d8236-4, F5d8236-4 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | |||||
| CVE-2013-3072 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | |||||
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | |||||
| CVE-2013-3060 | 1 Apache | 1 Activemq | 2024-11-21 | 6.4 MEDIUM | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | |||||
| CVE-2013-3046 | 1 Ibm | 1 Sametime | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | |||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2024-11-21 | 5.4 MEDIUM | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2024-11-21 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2013-2954 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2024-11-21 | 5.0 MEDIUM | N/A |
| The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-2944 | 1 Strongswan | 1 Strongswan | 2024-11-21 | 4.9 MEDIUM | N/A |
| strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | |||||
| CVE-2013-2820 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2024-11-21 | 10.0 HIGH | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | |||||