Filtered by vendor Escanav
Subscribe
Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4383 | 1 Escanav | 1 Escan Anti-virus | 2024-04-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2875 | 1 Escanav | 1 Escan Anti-virus | 2024-04-11 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-33732 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | |||||
| CVE-2023-31703 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 9.0 CRITICAL |
| Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. | |||||
| CVE-2023-33731 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | |||||
| CVE-2023-34837 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | |||||
| CVE-2023-33730 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 9.8 CRITICAL |
| Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | |||||
| CVE-2023-34838 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | |||||
| CVE-2023-31702 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 7.2 HIGH |
| SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. | |||||
| CVE-2023-34836 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | |||||
| CVE-2023-34835 | 1 Escanav | 1 Escan Management Console | 2023-12-10 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | |||||
| CVE-2021-26624 | 1 Escanav | 1 Escan Anti-virus | 2023-12-10 | 10.0 HIGH | 8.8 HIGH |
| An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | |||||
| CVE-2018-10098 | 1 Escanav | 1 Escan Internet Security Suite | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). | |||||
| CVE-2018-18388 | 1 Escanav | 1 Escan Anti-virus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. | |||||
| CVE-2018-6203 | 1 Escanav | 1 Anti-virus | 2023-12-10 | 6.1 MEDIUM | 7.8 HIGH |
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | |||||
| CVE-2018-6202 | 1 Escanav | 1 Anti-virus | 2023-12-10 | 6.1 MEDIUM | 7.8 HIGH |
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | |||||
| CVE-2018-6201 | 1 Escanav | 1 Anti-virus | 2023-12-10 | 6.1 MEDIUM | 7.8 HIGH |
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. | |||||