Lucene search

K

Escanav Security Vulnerabilities

cve
cve

CVE-2023-4383

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-08-16 08:15 PM
30
cve
cve

CVE-2023-2875

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-05-24 07:15 PM
29
cve
cve

CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file...

5.4CVSS

5.7AI Score

0.001EPSS

2023-06-27 06:15 PM
5
cve
cve

CVE-2023-34837

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter...

5.4CVSS

5.8AI Score

0.001EPSS

2023-06-27 06:15 PM
18
cve
cve

CVE-2023-34836

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName...

5.4CVSS

5.8AI Score

0.001EPSS

2023-06-27 06:15 PM
22
cve
cve

CVE-2023-34838

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description...

5.4CVSS

5.8AI Score

0.001EPSS

2023-06-27 06:15 PM
15
cve
cve

CVE-2023-33731

Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL...

6.1CVSS

6.1AI Score

0.001EPSS

2023-06-02 12:15 PM
12
cve
cve

CVE-2023-33730

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text...

9.8CVSS

9.4AI Score

0.003EPSS

2023-05-31 08:15 PM
10
cve
cve

CVE-2023-33732

Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and...

6.1CVSS

6.1AI Score

0.001EPSS

2023-05-31 08:15 PM
13
cve
cve

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via...

7.2CVSS

7.7AI Score

0.004EPSS

2023-05-17 01:15 PM
18
cve
cve

CVE-2023-31703

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from...

9CVSS

8.5AI Score

0.002EPSS

2023-05-17 01:15 PM
11
cve
cve

CVE-2018-6203

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl...

7.8CVSS

7.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
22
cve
cve

CVE-2018-6201

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or...

7.8CVSS

7.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
29
cve
cve

CVE-2018-6202

In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl...

7.8CVSS

7.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
18
cve
cve

CVE-2021-26624

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by...

8.8CVSS

8.8AI Score

0.006EPSS

2022-04-01 11:15 PM
66
cve
cve

CVE-2018-18388

eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port...

9.8CVSS

9.4AI Score

0.002EPSS

2018-12-20 11:29 PM
25
cve
cve

CVE-2018-10098

In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to .\econceal to cause a denial of service...

5.5CVSS

5.4AI Score

0.0004EPSS

2018-07-13 05:29 PM
20