Vendor CVEs
MicroWorld Technologies
All CVEs
28 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13990 | Cri | 0.60 | — | 0.01 | Sep 19, 2025 | MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute… | ||
| CVE-2024-28519 | Hig | 0.51 | 7.8 | 0.00 | May 3, 2024 | A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users. | ||
| CVE-2018-10098 | Med | 0.36 | 5.5 | 0.00 | Jul 13, 2018 | In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). | ||
| CVE-2023-31702 | 0.04 | — | 0.04 | May 17, 2023 | SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. | |||
| CVE-2023-31703 | 0.04 | — | 0.04 | May 17, 2023 | Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. | |||
| CVE-2008-1221 | 0.03 | — | 0.03 | Mar 10, 2008 | Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command. | |||
| CVE-2007-4649 | 0.03 | — | 0.01 | Aug 31, 2007 | MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by… | |||
| CVE-2025-1370 | 0.00 | — | 0.02 | Feb 17, 2025 | A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to… | |||
| CVE-2025-0798 | 0.00 | — | 0.07 | Jan 29, 2025 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be… | |||
| CVE-2025-0797 | 0.00 | — | 0.00 | Jan 29, 2025 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The… | |||
| CVE-2024-13188 | 0.00 | — | 0.00 | Jan 8, 2025 | A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default… | |||
| CVE-2023-4383 | 0.00 | — | 0.00 | Aug 16, 2023 | A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The… | |||
| CVE-2023-34837 | 0.00 | — | 0.01 | Jun 27, 2023 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | |||
| CVE-2023-34838 | 0.00 | — | 0.01 | Jun 27, 2023 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | |||
| CVE-2023-34835 | 0.00 | — | 0.01 | Jun 27, 2023 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | |||
| CVE-2023-34836 | 0.00 | — | 0.01 | Jun 27, 2023 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | |||
| CVE-2023-33731 | 0.00 | — | 0.01 | Jun 2, 2023 | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | |||
| CVE-2023-33730 | 0.00 | — | 0.01 | May 31, 2023 | Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | |||
| CVE-2023-33732 | 0.00 | — | 0.01 | May 31, 2023 | Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | |||
| CVE-2021-26624 | 0.00 | — | 0.02 | Apr 1, 2022 | An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root… | |||
| CVE-2018-18388 | 0.00 | — | 0.02 | Dec 20, 2018 | eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. | |||
| CVE-2014-2385 | 0.00 | — | 0.04 | Jul 22, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3)… | |||
| CVE-2008-3727 | 0.00 | — | 0.03 | Aug 20, 2008 | Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2008-3729 | 0.00 | — | 0.02 | Aug 20, 2008 | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | |||
| CVE-2008-3726 | 0.00 | — | 0.01 | Aug 20, 2008 | Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||
| CVE-2008-3728 | 0.00 | — | 0.02 | Aug 20, 2008 | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests… | |||
| CVE-2007-2687 | 0.00 | — | 0.06 | May 24, 2007 | Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | |||
| CVE-2007-0655 | 0.00 | — | 0.03 | May 2, 2007 | The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. |
- risk 0.60cvss —epss 0.01
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute…
- risk 0.51cvss 7.8epss 0.00
A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users.
- risk 0.36cvss 5.5epss 0.00
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
- CVE-2023-31702May 17, 2023risk 0.04cvss —epss 0.04
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
- CVE-2023-31703May 17, 2023risk 0.04cvss —epss 0.04
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
- CVE-2008-1221Mar 10, 2008risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.
- CVE-2007-4649Aug 31, 2007risk 0.03cvss —epss 0.01
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by…
- CVE-2025-1370Feb 17, 2025risk 0.00cvss —epss 0.02
A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to…
- CVE-2025-0798Jan 29, 2025risk 0.00cvss —epss 0.07
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be…
- CVE-2025-0797Jan 29, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The…
- CVE-2024-13188Jan 8, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default…
- CVE-2023-4383Aug 16, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The…
- CVE-2023-34837Jun 27, 2023risk 0.00cvss —epss 0.01
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
- CVE-2023-34838Jun 27, 2023risk 0.00cvss —epss 0.01
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
- CVE-2023-34835Jun 27, 2023risk 0.00cvss —epss 0.01
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
- CVE-2023-34836Jun 27, 2023risk 0.00cvss —epss 0.01
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
- CVE-2023-33731Jun 2, 2023risk 0.00cvss —epss 0.01
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
- CVE-2023-33730May 31, 2023risk 0.00cvss —epss 0.01
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
- CVE-2023-33732May 31, 2023risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
- CVE-2021-26624Apr 1, 2022risk 0.00cvss —epss 0.02
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root…
- CVE-2018-18388Dec 20, 2018risk 0.00cvss —epss 0.02
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
- CVE-2014-2385Jul 22, 2014risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3)…
- CVE-2008-3727Aug 20, 2008risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2008-3729Aug 20, 2008risk 0.00cvss —epss 0.02
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
- CVE-2008-3726Aug 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
- CVE-2008-3728Aug 20, 2008risk 0.00cvss —epss 0.02
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests…
- CVE-2007-2687May 24, 2007risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
- CVE-2007-0655May 2, 2007risk 0.00cvss —epss 0.03
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.