CyberSecurityBoard
Sponsor Register Login

CVE-2022-3365

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

This Cyber News was published on www.tenable.com. Publication date: Tue, 28 Jan 2025 04:56:02 +0000


Cyber News related to CVE-2022-3365

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2022-3365 - Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over ...
4 months ago Tenable.com
CVE-2006-4836 - SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the ...
6 years ago
CVE-2005-4227 - Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, ...
6 years ago
CVE-2013-3365 - TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ...
11 years ago
CVE-2016-3365 - Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation ...
6 years ago
CVE-2016-3362 - Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation ...
6 years ago
CVE-2005-3365 - Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in ...
6 years ago
CVE-2010-3365 - Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. ...
14 years ago
CVE-2015-3365 - Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. ...
8 years ago
CVE-2014-3365 - Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ...
7 years ago
CVE-2009-3365 - PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter. ...
7 years ago
CVE-2012-3365 - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. ...
7 years ago
CVE-2008-3365 - Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. ...
6 years ago
CVE-2007-3365 - MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. ...
1 year ago
CVE-2006-3365 - V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement. ...
6 years ago
CVE-2017-3365 - Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker ...
5 years ago
CVE-2020-3365 - A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability ...
4 years ago
CVE-2011-3365 - The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a ...
2 years ago
CVE-2023-3365 - The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment ...
8 months ago
CVE-2024-3365 - A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument user_name leads to cross site ...
1 year ago Tenable.com
CVE-2025-3365 - A missing protection against path traversal allows to access ...
2 weeks ago
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
2 years ago Securityweek.com
CVE-2022-49911 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)