CVE-2023-1862

Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...

PT-2023-3411 · Cloudflare · Cloudflare Warp Client For Windows

Name of the Vulnerable Software and Affected Versions: Cloudflare WARP client for Windows versions up to 2023.3.381.0 Description: The issue is related to insufficient access control policy on an IPC Named Pipe, allowing a malicious actor to remotely access the warp-svc.exe binary. This could...

Cisco Intelligent Automation for Cloud iFrame Vulnerability

A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...

Cisco Intelligent Automation for Cloud Enumeration Vulnerability

A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...

Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS

Some days ago i have discovered a DoS in Windows Vista. Here is the advisory with a detailed description about the vulnerability that will help to Microsoft they have been already notified about the bug to correct it as soon as possible, and it will help you if you need to add any rule for your...

CVE-2005-2150

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to 1 list Windows services via svcctl or 2 read eventlogs via eventlog...

CVE-2005-2150

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to 1 list Windows services via svcctl or 2 read eventlogs via eventlog...

[Full-disclosure] NULL sessions vulnerabilities using alternate named pipes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NULL sessions vulnerabilities using alternate named pipes Hervй Schauer Consultants Security Advisory http://www.hsc.fr/ - - Summary - Advisory: NULL sessions vulnerabilities using alternate named pipes CVE identifier: CAN-2005-2150 Release date:...