CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2021-35448 – Remote Mouse GUI 3.008 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-35448
24 Jun 2021 — Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. Emote Interactive Remote Mouse versión 3.008 en Windows, permite a atacantes ejecutar programas arbitrarios como Administrador al usar la funcionalidad Image Transfer Folder para navegar al ejecutable cmd.exe. Se vincula a los puertos locales para escuchar las conexiones e... • https://www.exploit-db.com/exploits/50047 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2021-27574
https://notcve.org/view.php?id=CVE-2021-27574
07 May 2021 — An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. Se detectó un problema en Emote Remote Mouse versiones hasta.0.0.0. Utiliza HTTP de texto sin cifrar para comprobar y requerir actualizaciones. • https://axelp.io/MouseTrap • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-27573
https://notcve.org/view.php?id=CVE-2021-27573
07 May 2021 — An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication. Se detectó un problema en Emote Remote Mouse versiones hasta.0.0.0. Los usuarios remotos no autenticados pueden ejecutar código arbitrario por medio de paquetes UDP diseñados sin autorización o autenticación previa • https://axelp.io/MouseTrap • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2021-27572
https://notcve.org/view.php?id=CVE-2021-27572
07 May 2021 — An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set. Se detectó un problema en Emote Remote Mouse versiones hasta.0.0.0. Una Omisión de Autenticación puede ocurrir por medio de la Reproducción de Paquetes. • https://axelp.io/MouseTrap • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27571
https://notcve.org/view.php?id=CVE-2021-27571
07 May 2021 — An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic. Se detectó un problema en Emote Remote Mouse versiones hasta.0.0.0. Los atacantes pueden recuperar aplicaciones utilizadas y en ejecución recientemente, sus iconos y sus rutas de archivo. • https://axelp.io/MouseTrap • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27570
https://notcve.org/view.php?id=CVE-2021-27570
07 May 2021 — An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic. Se detectó un problema en Emote Remote Mouse versiones hasta 3.015. Los atacantes pueden cerrar cualquier proceso en ejecución mediante el envío del nombre del proceso en un paquete especialmente diseñado. • https://axelp.io/MouseTrap • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27569
https://notcve.org/view.php?id=CVE-2021-27569
07 May 2021 — An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic. Se detectó un problema en Emote Remote Mouse versiones hasta.0.0.0. Los atacantes pueden maximizar o minimizar la ventana de un proceso en ejecución mediante el envío del nombre del proceso en un paquete diseñado. • https://axelp.io/MouseTrap • CWE-306: Missing Authentication for Critical Function CWE-319: Cleartext Transmission of Sensitive Information •