316 matches found
CVE-2023-23917
A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...
CVE-2022-44939
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
CVE-2022-44939
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
Design/Logic Flaw
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
CVE-2022-44939
CVE-2022-44939 affects Efs Software Easy Chat Server 3.1; a DLL hijacking flaw in TextShaping.dll allows local attackers to execute arbitrary code via a crafted DLL. Impact: full code execution with high impact. Mitigation/remediation: as per PT-2023-14570, restrict access to TextShaping.dll or a...
CVE-2022-44939
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
Chat Server 代码问题漏洞
Chat Server is ramank775 individual developer's chat server based on microservices architecture, supports high availability, high throughput, horizontal expansion. A security vulnerability exists in Efs Software Easy Chat Server version 3.1, which originates from a DLL hijacking vulnerability tha...
PT-2023-14570 · Efs · Efs Software Easy Chat Server
Name of the Vulnerable Software and Affected Versions: Efs Software Easy Chat Server version 3.1 Description: The issue allows attackers to execute arbitrary code via a crafted DLL, exploiting a DLL hijacking vulnerability through the TextShaping.dll component. Recommendations: For Efs Software...
CVE-2022-44939
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL...
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
PYSEC-2022-224
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...
MAL-2022-1678 Malicious code in breakout-chat-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d8e13b6a2b5cc5f8e33630acfd72933e8c38a79591e01e7d2104e695661e9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in breakout-chat-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d8e13b6a2b5cc5f8e33630acfd72933e8c38a79591e01e7d2104e695661e9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Authentication flaw
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013 Authentication bypass in Vartalap chat-server
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013 Authentication bypass in Vartalap chat-server
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013
Chat Server (Vartalap) vulnerability CVE-2022-31013 affects versions 2.3.2–2.6.0. Root cause is a token validation bug where this.authProvider.verifyAccessKey is treated as asynchronous without awaiting results, enabling authentication bypass. A patch exists in version 2.6.0. Public references ac...
CVE-2022-31013 Authentication bypass in Vartalap chat-server
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
Chat Server 输入验证错误漏洞
Chat Server is ramank775 individual developer's chat server based on microservices architecture, supporting high availability, high throughput, and horizontal scaling. An input validation error vulnerability exists in Chat Server versions 2.3.2 through 2.6.0, which stems from the application havi...