Easy Chat Server
by EFS Software
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9544 | Cri | 0.69 | 9.8 | 0.24 | Jun 12, 2017 | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. | ||
| CVE-2018-25221 | Cri | 0.64 | 9.8 | 0.01 | Mar 28, 2026 | EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing… | ||
| CVE-2023-4494 | Cri | 0.64 | 9.8 | 0.01 | Oct 4, 2023 | Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. | ||
| CVE-2022-44939 | Hig | 0.51 | 7.8 | 0.00 | Jan 6, 2023 | Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | ||
| CVE-2019-25613 | Hig | 0.49 | 7.5 | 0.01 | Mar 22, 2026 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an… | ||
| CVE-2019-20502 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2020 | An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter. | ||
| CVE-2017-9557 | Hig | 0.49 | 7.5 | 0.02 | Jun 12, 2017 | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | ||
| CVE-2017-9543 | Hig | 0.49 | 7.5 | 0.01 | Jun 12, 2017 | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | ||
| CVE-2023-4497 | Med | 0.40 | 6.1 | 0.00 | Oct 4, 2023 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. | ||
| CVE-2023-4496 | Med | 0.40 | 6.1 | 0.00 | Oct 4, 2023 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. | ||
| CVE-2023-4495 | Med | 0.40 | 6.1 | 0.00 | Oct 4, 2023 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. | ||
| CVE-2004-2466 | 0.09 | — | 0.75 | Dec 31, 2004 | chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected. | |||
| CVE-2006-6933 | 0.00 | — | 0.02 | Jan 16, 2007 | Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information… | |||
| CVE-2004-2465 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2004-2467 | 0.00 | — | 0.03 | Dec 31, 2004 | chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash). |
- risk 0.69cvss 9.8epss 0.24
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing…
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.
- risk 0.51cvss 7.8epss 0.00
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
- risk 0.49cvss 7.5epss 0.01
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.
- risk 0.49cvss 7.5epss 0.02
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
- risk 0.49cvss 7.5epss 0.01
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
- risk 0.40cvss 6.1epss 0.00
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.
- risk 0.40cvss 6.1epss 0.00
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.
- risk 0.40cvss 6.1epss 0.00
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.
- CVE-2004-2466Dec 31, 2004risk 0.09cvss —epss 0.75
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
- CVE-2006-6933Jan 16, 2007risk 0.00cvss —epss 0.02
Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information…
- CVE-2004-2465Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
- CVE-2004-2467Dec 31, 2004risk 0.00cvss —epss 0.03
chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).