
CVE-2023-31702 – eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2023-31702
17 May 2023 — SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1. eScan Management Console version 14.0.1400.2281 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/172545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-31703 – eScan Management Console 14.0.1400.2281 - Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-31703
17 May 2023 — Cross Site Scripting (XSS) in the edit user form in MicroWorld Technologies eScan Management Console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter. eScan Management Console version 14.0.1400.2281 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/172540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-26624 – eScan Anti-Virus Local privilege escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26624
01 Apr 2022 — A local privilege escalation vulnerability exists due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command. This vulnerability can allow remote attackers to exploit root privileges by manipulating parameter values. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596 • CWE-20: Improper Input Validation

CVE-2018-18388
https://notcve.org/view.php?id=CVE-2018-18388
20 Dec 2018 — eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. • http://blog.escanav.com/2018/11/cve-2018-18388

CVE-2018-10098 – ISS for Business 14.0.1400.2029 Blue Screen of Death
https://notcve.org/view.php?id=CVE-2018-10098
13 Jul 2018 — In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). • http://seclists.org/fulldisclosure/2018/Jul/53 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-6201
https://notcve.org/view.php?id=CVE-2018-6201
25 Jan 2018 — In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because it does not validate input values from IOCtl 0x830020E0 or 0x830020E4. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/EscanAV_POC/tree/master/0x830020E0_0x830020E4 • CWE-20: Improper Input Validation

CVE-2018-6202
https://notcve.org/view.php?id=CVE-2018-6202
25 Jan 2018 — In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because it does not validate input values from IOCtl 0x830020F8. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/EscanAV_POC/tree/master/0x830020F8 • CWE-20: Improper Input Validation

CVE-2018-6203
https://notcve.org/view.php?id=CVE-2018-6203
25 Jan 2018 — In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because it does not validate input values from IOCtl 0x8300210C. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/EscanAV_POC/tree/master/0x8300210C • CWE-20: Improper Input Validation