Security Vulnerabilities, CVEs, Published In September 2013 (Bypass) CVSS score >= 7

CVE-2013-5200

The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
Max CVSS
7.5
EPSS Score
0.49%
Published
2013-09-25
Updated
2013-10-15

CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.87%
Published
2013-09-30
Updated
2016-12-07

CVE-2013-3613

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
Max CVSS
7.8
EPSS Score
0.37%
Published
2013-09-17
Updated
2013-09-17

CVE-2013-3473

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
Max CVSS
7.8
EPSS Score
0.16%
Published
2013-09-20
Updated
2013-09-23

CVE-2012-4078

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.
Max CVSS
8.5
EPSS Score
0.28%
Published
2013-09-24
Updated
2017-08-29
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close