203 matches found
CVE-2023-33732
CVE-2023-33733 concerns the Python ReportLab library. A sandbox bypass in ReportLab could allow arbitrary code execution when processing crafted PDFs. Public advisories (e.g., Debian DSA-5791/DLA-3917) state that vulnerable versions up to 3.6.12-1+deb12u1 (and earlier 3.5.59-2+deb11u1 in Debian 1...
CVE-2023-33730
The CVE-2023-33730 vulnerability affects Microworld Technologies eScan Management Console version 14.0.1400.2281, in the GetUserCurrentPwd function, allowing remote attackers to retrieve plaintext passwords for admins or users. The underlying issue enables privilege escalation and full account co...
PT-2023-24459 · Microworld Technologies · Escan Management Console
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan Management Console version 14.0.1400.2281 Description: The issue allows any remote attacker to retrieve the password of any admin or normal user in plain text format through the GetUserCurrentPwd function...
Microworld Technologies eScan Management Console 跨站脚本漏洞
MicroWorld Technologies eScan Management Console is an electronic scanning management console from MicroWorld Technologies, Inc. A security vulnerability exists in Microworld Technologies eScan Management Console version 14.0.1400.2281, which stems from a new policy form that allows remote...
PT-2023-24461 · Microworld Technologies · Escan
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan management console version 14.0.1400.2281 Description: The issue allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval in the New Policy form. This...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-31703
Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...
CVE-2023-31703
Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...
Cross site scripting
Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...
Sql injection
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-31703
Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-31702
The CVE-2023-31702 vulnerability affects MicroWorld eScan Management Console 14.0.1400.2281. It is a SQL injection in the GetUserCurrentPwd?UsrId=1 endpoint used in the View User Profile, enabling an authenticated attacker to dump the entire database and potentially execute OS commands on the bac...
CVE-2023-31703
CVE-2023-31703 affects Microworld eScan Management Console (v14.0.1400.2281). A Cross-Site Scripting flaw in the editUserName form via the from parameter enables remote injection of arbitrary code. Documented risk includes potential session-cookie theft leading to account takeover (as shown in Po...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
MicroWorld eScan Management Console 跨站脚本漏洞
MicroWorld eScan Management Console is a control panel from MicroWorld Japan. It helps system administrators remotely manage all eScan client computers on a network. A security vulnerability exists in MicroWorld eScan Management Console version 14.0.1400.2281, which originates from the presence o...
PT-2023-23422 · Microworld · Microworld Escan Management Console
Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Management Console version 14.0.1400.2281 Description: The issue allows a remote attacker to perform SQL injection in the View User Profile feature, enabling them to dump the entire database and gain a Windows XP command shel...
MicroWorld Technologies eScan Anti-Virus 输入验证错误漏洞
MicroWorld Technologies eScan Anti-Virus is an Internet security solution from MicroWorld Technologies, USA. It provides virus protection for enterprise and home SOHO users. The MicroWorld Technologies eScan Anti-Virus is prone to an input validation error vulnerability that originates from inval...