Vulnerabilities (CVE)

Filtered by vendor Escanav Subscribe
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4383 1 Escanav 1 Escan Anti-virus 2024-11-21 6.8 MEDIUM 7.8 HIGH
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-34838 1 Escanav 1 Escan Management Console 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
CVE-2023-34837 1 Escanav 1 Escan Management Console 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
CVE-2023-34836 1 Escanav 1 Escan Management Console 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
CVE-2023-34835 1 Escanav 1 Escan Management Console 2024-11-21 N/A 5.4 MEDIUM
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
CVE-2023-33732 1 Escanav 1 Escan Management Console 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
CVE-2023-33731 1 Escanav 1 Escan Management Console 2024-11-21 N/A 6.1 MEDIUM
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
CVE-2023-33730 1 Escanav 1 Escan Management Console 2024-11-21 N/A 9.8 CRITICAL
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
CVE-2023-31703 1 Escanav 1 Escan Management Console 2024-11-21 N/A 9.0 CRITICAL
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
CVE-2023-31702 1 Escanav 1 Escan Management Console 2024-11-21 N/A 7.2 HIGH
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
CVE-2023-2875 1 Escanav 1 Escan Anti-virus 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-26624 1 Escanav 1 Escan Anti-virus 2024-11-21 10.0 HIGH 7.8 HIGH
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.
CVE-2018-6203 1 Escanav 1 Anti-virus 2024-11-21 6.1 MEDIUM 7.8 HIGH
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C.
CVE-2018-6202 1 Escanav 1 Anti-virus 2024-11-21 6.1 MEDIUM 7.8 HIGH
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8.
CVE-2018-6201 1 Escanav 1 Anti-virus 2024-11-21 6.1 MEDIUM 7.8 HIGH
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4.
CVE-2018-18388 1 Escanav 1 Escan Anti-virus 2024-11-21 7.5 HIGH 9.8 CRITICAL
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
CVE-2018-10098 1 Escanav 1 Escan Internet Security Suite 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).