HOMEVULNERABILITIESVENDORSMicroworld Technologies

Microworld TechnologiesCVEs & Vulnerabilities

8 CVEs affecting Microworld Technologies products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

mailscan 4escan 3escan internet security 1escan server 1escan virus control 1escan management console 1escan anti-virus 1
CVE-2008-3726MEDIUM

Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.

20 Aug 2008
4.3
CVSS
CVE-2008-3727MEDIUM

Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

20 Aug 2008
5.0
CVSS
CVE-2008-3728MEDIUM

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.

20 Aug 2008
5.0
CVSS
CVE-2008-3729HIGH

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.

20 Aug 2008
7.5
CVSS
CVE-2008-1221MEDIUMpoc

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

10 Mar 2008
5.0
CVSS
CVE-2007-4649HIGHpoc

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

1 Sep 2007
7.2
CVSS
CVE-2007-2687CRITICAL

Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.

24 May 2007
10.0
CVSS
CVE-2007-0655CRITICAL

The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.

2 May 2007
10.0
CVSS
← PrevPage 1 / 1Next →