diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 9dd7b0ee69..a79f46cf88 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -61283,7 +61283,7 @@ "Joxean Koret", "juan vazquez " ], - "description": "This module exploits a command injection vulnerability found in the eScan Web Management\n Console. The vulnerability exists while processing CheckPass login requests. An attacker\n with a valid username can use a malformed password to execute arbitrary commands. With\n mwconf privileges, the runasroot utility can be abused to get root privileges. This module\n has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.", + "description": "This module exploits a command injection vulnerability found in the eScan Web Management\n Console. The vulnerability exists while processing CheckPass login requests. An attacker\n with a valid username can use a malformed password to execute arbitrary commands. With\n mwconf privileges, the runasroot utility can be abused to get root privileges. This module\n has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.", "references": [ "URL-http://www.joxeankoret.com/download/breaking_av_software-pdf.tar.gz" ], @@ -61308,14 +61308,25 @@ "targets": [ "eScan 5.5-2 / Linux" ], - "mod_time": "2020-10-02 17:38:06 +0000", + "mod_time": "2025-05-10 18:15:04 +0000", "path": "/modules/exploits/linux/antivirus/escan_password_exec.rb", "is_install_path": true, "ref_name": "linux/antivirus/escan_password_exec", "check": true, "post_auth": true, "default_credential": false, - "notes": {}, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, "session_types": false, "needs_cleanup": true },