CVE-2005-1205
Published 2005-06-14
Priority P433 · medium 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS 33.26% (98.2th percentile)
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
No detection rules found.
No public exploits indexed.
arXiv
Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers
arxiv_fulltext·2026-02-25
Refat Othman
Ph.D. in Advanced-Systems Engineering
38th Cycle
2026
Professor Barbara Russo
Professor Bruno Rossi
Professor Mengyuan Zhang
## Acknowledgements
My deepest and most sincere gratitude goes to my supervisor, Professor Barbara Russo. Her unwavering support, constant encouragement, and invaluable guidance have been at the heart of this journey. She provided not only the intellectual direction needed to shape this thesis but also the patience and understanding that sustained me through its most challenging phases. Professor Russo gave me the freedom to explore my ideas while
arXiv
From Attack Descriptions to Vulnerabilities: A Sentence Transformer-Based Approach
arxiv_fulltext·2025-09-03
Refat Othman (1), Diaeddin Rimawi (1), Bruno Rossi (2), Barbara Russo (1)
(1) Free University of Bozen-Bolzano, Bolzano 39100, Italy
(2) Masaryk University, Brno 60200, Czech Republic
## Abstract
In the domain of security, vulnerabilities frequently remain undetected even after their exploitation.
In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.
Establishing a connection between attacks and vulnerabilities is essential for enabling timely incident response, as it provides defenders with immediate, actionable insight
CWE
Exposure of Sensitive Information to an Unauthorized Actor
mitre_cwe
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include:
- private, personal information, such as personal messages, financial data, health records, geographic location, or contact details
- system status and environment, such as the operating system and installed packages
- business secrets and intellectual property
- network status and confi
CWE
Exposure of Sensitive Information Due to Incompatible Policies
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-213 Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators. Each stakeholder effectively has its own intended security policy that the product is expected to uphold. When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectati
- http://idefense.com/application/poi/display?id=260&type=vulnerabilities
- http://secunia.com/advisories/15690/
- http://securitytracker.com/id?1014203
- http://www.kb.cert.org/vuls/id/800829
- http://www.securityfocus.com/bid/13940
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1132
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A605
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A784