CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4383 – MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions
https://notcve.org/view.php?id=CVE-2023-4383
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003 https://vuldb.com/?ctiid.237315 https://vuldb.com/?id.237315 • CWE-279: Incorrect Execution-Assigned Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34836
https://notcve.org/view.php?id=CVE-2023-34836
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. • https://github.com/sahiloj/CVE-2023-34836 https://github.com/sahiloj/CVE-2023-34836/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34837
https://notcve.org/view.php?id=CVE-2023-34837
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. • https://github.com/sahiloj/CVE-2023-34837 https://github.com/sahiloj/CVE-2023-34837/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34838
https://notcve.org/view.php?id=CVE-2023-34838
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. • https://github.com/sahiloj/CVE-2023-34838 https://github.com/sahiloj/CVE-2023-34838/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34835
https://notcve.org/view.php?id=CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. • https://github.com/sahiloj/CVE-2023-34835 https://github.com/sahiloj/CVE-2023-34835/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •