LiveActive security incident?Get immediate response
CVE archive

October 2013

Browse CVE records published in October 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 582 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2013-2269: The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/...

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.

Published Oct 1, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-5144: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass a...

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.

Published Oct 24, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-4708: The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc.

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.

Published Oct 1, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-6244: The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.3...

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published Oct 24, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-3962: Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/...

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Published Oct 1, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-6127: The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView...

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.

Published Oct 25, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-5534: Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or C...

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.

Published Oct 19, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-5766: Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Gr...

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs.

Published Oct 16, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-4390: Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.aut...

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

Published Oct 24, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-3704: The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerpr...

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key.

Published Oct 28, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-6026: The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 r...

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.

Published Oct 19, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5827: Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Gr...

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.

Published Oct 16, 2013 · Updated Sep 16, 2024