VYPR

Easy Address Book Web Server

by EFS Software

CVEs (5)

  • CVE-2023-4491 | Critical | Oct 4, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the…

  • CVE-2023-4493 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This…

  • CVE-2023-4492 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload…

  • CVE-2006-5715 | Nov 4, 2006
    risk 0.03 | cvss (none listed) | epss 0.06

    Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

  • CVE-2006-4654 | Sep 9, 2006
    risk 0.03 | cvss (none listed) | epss 0.02

    Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.