CyberSecurityBoard
Sponsor Register Login

CVE-2005-2150

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Publication date: Mon, 11 Jul 2005 09:00:00 +0000


Cyber News related to CVE-2005-2150

CVE-2013-2150 - Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. Per: ...
10 years ago
CVE-2023-34275 - D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication ...
6 months ago
CVE-2024-5291 - D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not ...
5 months ago
CVE-2005-2150 - Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via ...
7 years ago
CVE-2007-2150 - BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. ...
6 years ago
CVE-2016-2150 - SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. ...
5 years ago
CVE-2002-2150 - Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the ...
16 years ago
CVE-2010-2150 - Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
14 years ago
CVE-2016-2344 - Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is ...
7 years ago
CVE-2012-2150 - xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. ...
7 years ago
CVE-2017-2150 - Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. ...
7 years ago
CVE-2004-2150 - Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. ...
9 months ago
CVE-2011-2150 - The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) ...
7 years ago
CVE-2009-2150 - Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers ...
7 years ago
CVE-2006-2150 - PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. ...
6 years ago
CVE-2015-2150 - Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) ...
6 years ago
CVE-2019-7312 - Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed ...
5 years ago
CVE-2019-2150 - In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: ...
5 years ago
CVE-2021-2150 - Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network ...
3 years ago
CVE-2022-24671 - A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain ...
2 years ago
CVE-2020-35488 - The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, ...
2 years ago
CVE-2022-33973 - Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. ...
2 years ago
CVE-2022-40720 - This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox ...
1 year ago
CVE-2022-40719 - This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ...
1 year ago
CVE-2022-40718 - This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)