Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
escanav vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-26624
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote malicious us...
Escanav Escan Anti-virus
6.1
CVSSv2
CVE-2018-6203
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C.
Escanav Anti-virus 14.0.1400.2029
1 Github repository
6.1
CVSSv2
CVE-2018-6201
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4.
Escanav Anti-virus 14.0.1400.2029
1 Github repository
6.1
CVSSv2
CVE-2018-6202
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8.
Escanav Anti-virus 14.0.1400.2029
1 Github repository
NA
CVE-2023-4383
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The expl...
Escanav Escan Anti-virus 7.0.32
NA
CVE-2023-33731
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote malicious user to inject arbitrary code via the URL directly.
Escanav Escan Management Console 14.0.1400.2281
1 Github repository
NA
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote malicious user to retrieve password of any admin or normal user in plain text format.
Escanav Escan Management Console 14.0.1400.2281
1 Github repository
NA
CVE-2023-33732
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote malicious user to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
Escanav Escan Management Console 14.0.1400.2281
2 Github repositories
7.5
CVSSv2
CVE-2018-18388
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local malicious users to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
Escanav Escan Anti-virus 14.0
NA
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote malicious user to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
Escanav Escan Management Console 14.0.1400.2281
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »