Weekly Vulnerabilities Reports > February 26 to March 4, 2001

Overview

4 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Cisco, Lotus, and Rhinosoft. Vulnerabilities are notably categorized as .

  • 4 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-03-03 CVE-2001-1103 Rhinosoft Unspecified vulnerability in Rhinosoft FTP Voyager

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

7.5
2001-03-01 CVE-2001-1445 Lotus Unspecified vulnerability in Lotus Domino Mail Server

Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.

7.5
2001-02-28 CVE-2004-1776 Cisco Unspecified vulnerability in Cisco IOS 12.1(3)/12.1(3)T

Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.

7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-02-28 CVE-2001-1434 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.

5.0

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS