Lucene search
K

203 matches found

CVE
CVE
added 2023/05/31 12:0 a.m.47 views

CVE-2023-33732

CVE-2023-33733 concerns the Python ReportLab library. A sandbox bypass in ReportLab could allow arbitrary code execution when processing crafted PDFs. Public advisories (e.g., Debian DSA-5791/DLA-3917) state that vulnerable versions up to 3.6.12-1+deb12u1 (and earlier 3.5.59-2+deb11u1 in Debian 1...

6.1CVSS6.1AI score0.00844EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/05/31 12:0 a.m.48 views

CVE-2023-33730

The CVE-2023-33730 vulnerability affects Microworld Technologies eScan Management Console version 14.0.1400.2281, in the GetUserCurrentPwd function, allowing remote attackers to retrieve plaintext passwords for admins or users. The underlying issue enables privilege escalation and full account co...

9.8CVSS9.4AI score0.01175EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.9 views

PT-2023-24459 · Microworld Technologies · Escan Management Console

Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan Management Console version 14.0.1400.2281 Description: The issue allows any remote attacker to retrieve the password of any admin or normal user in plain text format through the GetUserCurrentPwd function...

9.8CVSS7.5AI score0.01175EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.4 views

Microworld Technologies eScan Management Console 跨站脚本漏洞

MicroWorld Technologies eScan Management Console is an electronic scanning management console from MicroWorld Technologies, Inc. A security vulnerability exists in Microworld Technologies eScan Management Console version 14.0.1400.2281, which stems from a new policy form that allows remote...

6.1CVSS7.2AI score0.00844EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.5 views

PT-2023-24461 · Microworld Technologies · Escan

Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan management console version 14.0.1400.2281 Description: The issue allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval in the New Policy form. This...

7.8CVSS8.2AI score0.02123EPSS
Exploits6References4
OSV
OSV
added 2023/05/17 1:15 p.m.4 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS7.5AI score0.04312EPSS
Exploits5References2
NVD
NVD
added 2023/05/17 1:15 p.m.46 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS7.8AI score0.04312EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2023/05/17 1:15 p.m.4 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS6.3AI score0.04312EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2023/05/17 1:15 p.m.4 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

9CVSS6AI score0.04475EPSS
Exploits4References3
NVD
NVD
added 2023/05/17 1:15 p.m.30 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

9CVSS8.5AI score0.04475EPSS
Exploits4References2
Prion
Prion
added 2023/05/17 1:15 p.m.12 views

Cross site scripting

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

6CVSS8.6AI score0.04475EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2023/05/17 1:15 p.m.18 views

Sql injection

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

5.8CVSS7.7AI score0.04312EPSS
Exploits5References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/17 12:0 a.m.8 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

8.5AI score0.04475EPSS
Exploits4References2
Cvelist
Cvelist
added 2023/05/17 12:0 a.m.41 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

8AI score0.04312EPSS
Exploits5References2
CVE
CVE
added 2023/05/17 12:0 a.m.52 views

CVE-2023-31702

The CVE-2023-31702 vulnerability affects MicroWorld eScan Management Console 14.0.1400.2281. It is a SQL injection in the GetUserCurrentPwd?UsrId=1 endpoint used in the View User Profile, enabling an authenticated attacker to dump the entire database and potentially execute OS commands on the bac...

7.2CVSS7.7AI score0.04312EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2023/05/17 12:0 a.m.42 views

CVE-2023-31703

CVE-2023-31703 affects Microworld eScan Management Console (v14.0.1400.2281). A Cross-Site Scripting flaw in the editUserName form via the from parameter enables remote injection of arbitrary code. Documented risk includes potential session-cookie theft leading to account takeover (as shown in Po...

9CVSS8.5AI score0.04475EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/17 12:0 a.m.8 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.8AI score0.04312EPSS
Exploits5References2
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.4 views

MicroWorld eScan Management Console 跨站脚本漏洞

MicroWorld eScan Management Console is a control panel from MicroWorld Japan. It helps system administrators remotely manage all eScan client computers on a network. A security vulnerability exists in MicroWorld eScan Management Console version 14.0.1400.2281, which originates from the presence o...

9CVSS8.3AI score0.04475EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.6 views

PT-2023-23422 · Microworld · Microworld Escan Management Console

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Management Console version 14.0.1400.2281 Description: The issue allows a remote attacker to perform SQL injection in the View User Profile feature, enabling them to dump the entire database and gain a Windows XP command shel...

7.2CVSS8.8AI score0.04312EPSS
Exploits5References9
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.3 views

MicroWorld Technologies eScan Anti-Virus 输入验证错误漏洞

MicroWorld Technologies eScan Anti-Virus is an Internet security solution from MicroWorld Technologies, USA. It provides virus protection for enterprise and home SOHO users. The MicroWorld Technologies eScan Anti-Virus is prone to an input validation error vulnerability that originates from inval...

10CVSS8.2AI score0.02267EPSS
Exploits0References2
Rows per page
Query Builder