Weekly Vulnerabilities Reports > January 6 to 12, 2003
6 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 9 products from 2 vendors, including Polycom and BMV. Vulnerabilities are notably categorized as .
- 5 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are exploitable by an anonymous user.
- Polycom has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Polycom has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
| 2003-01-07 | CVE-2002-0626 | Polycom | Unspecified vulnerability in Polycom products |
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
1 High Vulnerability
| 2003-01-07 | CVE-2002-0627 | Polycom | Directory Traversal vulnerability in Polycom ViewStation Unicode |
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
4 Medium Vulnerabilities
| 2003-01-07 | CVE-2002-0630 | Polycom | Denial of Service vulnerability in Polycom ViewStation ICMP |
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
| 2003-01-07 | CVE-2002-0629 | Polycom | Denial of Service vulnerability in Polycom ViewStation Telnet |
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
| 2003-01-07 | CVE-2002-0628 | Polycom | Unspecified vulnerability in Polycom products |
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
| 2003-01-11 | CVE-2003-0014 | BMV | Unspecified vulnerability in BMV 1.2 |
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
0 Low Vulnerabilities