CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 4CVE-2023-31703 – eScan Management Console 14.0.1400.2281 - Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-31703
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. eScan Management Console version 14.0.1400.2281 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51467 https://github.com/sahiloj/CVE-2023-31703 http://packetstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.html https://github.com/sahiloj/CVE-2023-31703/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26624 – eScan Anti-Virus Local privilege escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26624
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. Una vulnerabilidad de escalada de privilegios local debido a un comando "runasroot" en eScan Anti-Virus. Esta vulnerabilidad es debido a argumentos no válidos y condiciones de ejecución insuficientes relacionadas con el comando "runasroot". • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18388
https://notcve.org/view.php?id=CVE-2018-18388
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. eScan Agent Application (MWAGENT.EXE) 4.0.2.98 en MicroWorld Technologies eScan 14.0 permite que atacantes locales o remotos ejecuten comandos arbitrarios mediante el envío de una carga útil cuidadosamente manipulada al puerto TCP 2222. • http://blog.escanav.com/2018/11/cve-2018-18388 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10098
https://notcve.org/view.php?id=CVE-2018-10098
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). En MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, el controlador econceal.sys permite que un usuario no privilegiado envíe una petición IOCTL 0x830020E0 a \\.\econceal para provocar una denegación de servicio (BSOD). • http://seclists.org/fulldisclosure/2018/Jul/53 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6201
https://notcve.org/view.php?id=CVE-2018-6201
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. En eScan Antivirus 14.0.1400.2029, el archivo del controlador (econceal.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x830020E0 o 0x830020E4. • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/EscanAV_POC/tree/master/0x830020E0_0x830020E4 • CWE-20: Improper Input Validation •