Weekly Vulnerabilities Reports > January 7 to 13, 2002

Overview

6 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 4 products from 4 vendors including Cisco, Microsoft, HP, and Mike Spice. Vulnerabilities are notably categorized as .

  • 5 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

0 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-01-13 | CVE-2002-0077 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 | 7.5

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.

2002-01-11 | CVE-2003-0061 | HP | Local Security vulnerability in HP HP-UX 10.20 | 7.2

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.

4 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2002-01-09 | CVE-2002-1600 | Mike Spice | Unspecified vulnerability in Mike Spice My Classifieds 1.0/1.1/1.2 | 5.0

Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter.

2002-01-09 | CVE-2002-1597 | Cisco | Unspecified vulnerability in Cisco SN 5420 Storage Router Firmware | 5.0

Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.

2002-01-09 | CVE-2002-1596 | Cisco | Unspecified vulnerability in Cisco SN 5420 Storage Router Firmware | 5.0

Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers.

2002-01-09 | CVE-2002-1595 | Cisco | Information Disclosure vulnerability in Cisco SN 5420 Storage Router | 5.0

Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS