VYPR

Vendor CVEs

MicroWorld Technologies

All CVEs

28 total · sorted by risk
  • CVE-2024-13990CriSep 19, 2025
    risk 0.60cvss epss 0.01

    MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute…

  • CVE-2024-28519HigMay 3, 2024
    risk 0.51cvss 7.8epss 0.00

    A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users.

  • CVE-2018-10098MedJul 13, 2018
    risk 0.36cvss 5.5epss 0.00

    In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

  • CVE-2023-31702May 17, 2023
    risk 0.04cvss epss 0.04

    SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

  • CVE-2023-31703May 17, 2023
    risk 0.04cvss epss 0.04

    Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

  • CVE-2008-1221Mar 10, 2008
    risk 0.03cvss epss 0.03

    Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

  • CVE-2007-4649Aug 31, 2007
    risk 0.03cvss epss 0.01

    MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by…

  • CVE-2025-1370Feb 17, 2025
    risk 0.00cvss epss 0.02

    A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to…

  • CVE-2025-0798Jan 29, 2025
    risk 0.00cvss epss 0.07

    A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be…

  • CVE-2025-0797Jan 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The…

  • CVE-2024-13188Jan 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default…

  • CVE-2023-4383Aug 16, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The…

  • CVE-2023-34837Jun 27, 2023
    risk 0.00cvss epss 0.01

    A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.

  • CVE-2023-34838Jun 27, 2023
    risk 0.00cvss epss 0.01

    A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

  • CVE-2023-34835Jun 27, 2023
    risk 0.00cvss epss 0.01

    A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.

  • CVE-2023-34836Jun 27, 2023
    risk 0.00cvss epss 0.01

    A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.

  • CVE-2023-33731Jun 2, 2023
    risk 0.00cvss epss 0.01

    Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.

  • CVE-2023-33730May 31, 2023
    risk 0.00cvss epss 0.01

    Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

  • CVE-2023-33732May 31, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.

  • CVE-2021-26624Apr 1, 2022
    risk 0.00cvss epss 0.02

    An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root…

  • CVE-2018-18388Dec 20, 2018
    risk 0.00cvss epss 0.02

    eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.

  • CVE-2014-2385Jul 22, 2014
    risk 0.00cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3)…

  • CVE-2008-3727Aug 20, 2008
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2008-3729Aug 20, 2008
    risk 0.00cvss epss 0.02

    Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.

  • CVE-2008-3726Aug 20, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.

  • CVE-2008-3728Aug 20, 2008
    risk 0.00cvss epss 0.02

    Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests…

  • CVE-2007-2687May 24, 2007
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.

  • CVE-2007-0655May 2, 2007
    risk 0.00cvss epss 0.03

    The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.