Echatserver Easy Chat Server vulnerabilities
7 known vulnerabilities affecting echatserver/easy_chat_server.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH5
Vulnerabilities
Page 1 of 1
CVE-2017-9544P2CRITICALCVSS 9.8PoC≥ 2.0, ≤ 3.12017-06-12
CVE-2017-9544 [CRITICAL] CWE-787 CVE-2017-9544: There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
nvd
CVE-2018-25221P3CRITICALCVSS 9.8≤ 3.12026-03-28
CVE-2018-25221 [CRITICAL] CWE-787 CVE-2018-25221: EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remot
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application contex
nvd
CVE-2017-9557P3HIGHCVSS 7.5≥ 2.0, ≤ 3.12017-06-12
CVE-2017-9557 [HIGH] CWE-522 CVE-2017-9557: register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discove
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
nvd
CVE-2017-9543P3HIGHCVSS 7.5≥ 2.0, ≤ 3.12017-06-12
CVE-2017-9543 [HIGH] CWE-640 CVE-2017-9543: register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset a
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
nvd
CVE-2019-25613P3HIGHCVSS 7.5v3.12026-03-22
CVE-2019-25613 [HIGH] CWE-940 CVE-2019-25613: Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to cras
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
nvd
CVE-2022-44939P4HIGHCVSS 7.8v3.12023-01-06
CVE-2022-44939 [HIGH] CWE-427 CVE-2022-44939: Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability vi
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
nvd
CVE-2019-20502P4HIGHCVSS 7.5v3.12020-03-05
CVE-2019-20502 [HIGH] CWE-120 CVE-2019-20502: An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.
nvd