Efs Software Easy Address Book Web Server vulnerabilities
4 known vulnerabilities affecting efs_software/easy_address_book_web_server.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 3
Vulnerabilities
CVE-2023-4491 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | v1.6 | 2023-10-04
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.
nvd
CVE-2006-4654 | P4 | MEDIUM | CVSS 5.1 | PoC | v1.2 | 2006-09-09
Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.
nvd
CVE-2023-4492 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.6 | 2023-10-04
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded
nvd
CVE-2023-4493 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v1.6 | 2023-10-04
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload
nvd