10 matches found
CVE-2025-61939
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...
CVE-2025-61939
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...
CVE-2025-61939
CVE-2025-61939 concerns Columbia Weather Systems MicroServer. An unused function can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker on a local network with admin access to the MicroServer web portal and the ability to manipulate DNS resp...
CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...
PT-2026-1835
Name of the Vulnerable Software and Affected Versions MicroServer affected versions not specified Description An unused function in MicroServer can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with local network access and administrati...
UnAuthenticated SQL Injection
Proof of Concept POC: Vendor Domain Print version: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+version--+- Print Database: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+database--+- Print User:...
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon Exploit
Exploit for Android platform in category dos / poc This bug is similar to Jann Horn's issue https://bugs.chromium.org/p/project-zero/issues/detail?id=851 -- credit should go to him. The hardware service manager allows the registration of HAL services. These services are used by the vendor domain...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor...
CVE-2008-7164
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor...
CVE-2008-7164
Shareaza (before 2.3.1.0) is affected by a vulnerability described as an update notification spoofing issue. The OpenVAS entry refers to a vulnerability in Shareaza Update Notification Spoofing Vulnerability, and the NVD entry lists CVSS v2.0 base metrics of AV:N/AC:L/Au:N/C:C/I:C/A:C with a base...