CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4CVE-2023-31702 – eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. eScan Management Console version 14.0.1400.2281 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/51466 https://github.com/sahiloj/CVE-2023-31702 http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26624 – eScan Anti-Virus Local privilege escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26624
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. Una vulnerabilidad de escalada de privilegios local debido a un comando "runasroot" en eScan Anti-Virus. Esta vulnerabilidad es debido a argumentos no válidos y condiciones de ejecución insuficientes relacionadas con el comando "runasroot". • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18388
https://notcve.org/view.php?id=CVE-2018-18388
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. eScan Agent Application (MWAGENT.EXE) 4.0.2.98 en MicroWorld Technologies eScan 14.0 permite que atacantes locales o remotos ejecuten comandos arbitrarios mediante el envío de una carga útil cuidadosamente manipulada al puerto TCP 2222. • http://blog.escanav.com/2018/11/cve-2018-18388 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10098
https://notcve.org/view.php?id=CVE-2018-10098
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). En MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, el controlador econceal.sys permite que un usuario no privilegiado envíe una petición IOCTL 0x830020E0 a \\.\econceal para provocar una denegación de servicio (BSOD). • http://seclists.org/fulldisclosure/2018/Jul/53 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6202
https://notcve.org/view.php?id=CVE-2018-6202
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. En eScan Antivirus 14.0.1400.2029, el archivo del controlador (econceal.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x830020F8. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/EscanAV_POC/tree/master/0x830020F8 • CWE-20: Improper Input Validation •