7 matches found
CVE-2019-20502
The CVE-2019-20502 entry applies to EFS Easy Chat Server 3.1, describing a buffer overflow triggered by a long body2.ghp message parameter. Connected sources (Red Hat CVE, NVD/NVD variants) confirm the affected product and the underlying issue, but do not provide exploit details or remediation st...
CVE-2022-44939
CVE-2022-44939 affects Efs Software Easy Chat Server 3.1; a DLL hijacking flaw in TextShaping.dll allows local attackers to execute arbitrary code via a crafted DLL. Impact: full code execution with high impact. Mitigation/remediation: as per PT-2023-14570, restrict access to TextShaping.dll or a...
CVE-2017-9544
CVE-2017-9544 affects EFS Software Easy Chat Server, versions 2.0–3.1. The issue is a remote stack-based/SEH buffer overflow in register.ghp when a long username is sent to registresult.htm during user registration, enabling arbitrary code execution. Public references include an exploit example i...
CVE-2017-9557
CVE-2017-9557 affects EFS Software Easy Chat Server (versions 2.0–3.1). The issue allows remote attackers to obtain user passwords by sending a crafted request containing the username parameter together with an empty password parameter, then reading the HTML source of the response. This is a info...
CVE-2017-9543
The CVE-2017-9543 entry concerns EFS Software Easy Chat Server (versions 2.0–3.1). The underlying issue is in the register.ghp handling, which allows a remote attacker to reset arbitrary user passwords by sending a crafted POST to registresult.htm. Reported impact includes the ability to change p...
CVE-2018-25221
Affected product: EChat Server 3.1. Vulnerability: Buffer overflow in the chat.ghp endpoint, exploitable by sending a GET request with an oversized username value, leading to remote code execution in the application context. The provided description states that shellcode and ROP gadgets can be us...
CVE-2019-25613
Easy Chat Server 3.1 is affected by a denial-of-service vulnerability where sending an oversized message parameter crashes the service. The exploit flow involves an attacker first establishing a session via the chat.ghp endpoint, then issuing a POST to body2.ghp with an excessively large message ...