
CVE-2024-42919
https://notcve.org/view.php?id=CVE-2024-42919
20 Aug 2024 — eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. • https://github.com/jeyabalaji711/CVE-2024-42919 • CWE-284: Improper Access Control •

CVE-2023-4383 – MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions
https://notcve.org/view.php?id=CVE-2023-4383
16 Aug 2023 — A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack requires local access. The exploit has been disclosed to the public and may be used. • https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003 • CWE-279: Incorrect Execution-Assigned Permissions • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-34835
https://notcve.org/view.php?id=CVE-2023-34835
27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. • https://github.com/sahiloj/CVE-2023-34835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34836
https://notcve.org/view.php?id=CVE-2023-34836
27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. • https://github.com/sahiloj/CVE-2023-34836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34837
https://notcve.org/view.php?id=CVE-2023-34837
27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. • https://github.com/sahiloj/CVE-2023-34837 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34838
https://notcve.org/view.php?id=CVE-2023-34838
27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. • https://github.com/sahiloj/CVE-2023-34838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-33731
https://notcve.org/view.php?id=CVE-2023-33731
02 Jun 2023 — Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly. • https://github.com/sahiloj/CVE-2023-33731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-33730
https://notcve.org/view.php?id=CVE-2023-33730
31 May 2023 — Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve the password of any admin or normal user in plain text format. • https://github.com/sahiloj/CVE-2023-33730 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-33732
https://notcve.org/view.php?id=CVE-2023-33732
31 May 2023 — Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. • https://github.com/sahiloj/CVE-2023-33732 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-2875 – eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereference
https://notcve.org/view.php?id=CVE-2023-2875
24 May 2023 — A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing • CWE-476: NULL Pointer Dereference •