VYPR
Vendor: EFS Software

Products: 5
CVEs: 28
Across products: 29
Status: Private

Recent CVEs

  • CVE-2017-9544 | Critical | Jun 12, 2017
    risk 0.69 | cvss 9.8 | epss 0.24

    There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

  • CVE-2018-25221 | Critical | Mar 28, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing…

  • CVE-2023-4494 | Critical | Oct 4, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.

  • CVE-2023-4491 | Critical | Oct 4, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the…

  • CVE-2022-44939 | High | Jan 6, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    EFS Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

  • CVE-2019-25613 | High | Mar 22, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an…

  • CVE-2019-20502 | High | Mar 5, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.

  • CVE-2017-9557 | High | Jun 12, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

  • CVE-2017-9543 | High | Jun 12, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.

  • CVE-2023-4497 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.

  • CVE-2023-4496 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.

  • CVE-2023-4495 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.

  • CVE-2023-4493 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This…

  • CVE-2023-4492 | Medium | Oct 4, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload…

  • CVE-2004-2466 | Dec 31, 2004
    risk 0.09 | cvss n/a | epss 0.75

    chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.

  • CVE-2006-3952 | Aug 1, 2006
    risk 0.08 | cvss n/a | epss 0.67

    Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

  • CVE-2006-1159 | Mar 12, 2006
    risk 0.04 | cvss n/a | epss 0.07

    Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.

  • CVE-2006-5715 | Nov 4, 2006
    risk 0.03 | cvss n/a | epss 0.06

    Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

  • CVE-2006-5714 | Nov 4, 2006
    risk 0.03 | cvss n/a | epss 0.06

    Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

  • CVE-2006-4654 | Sep 9, 2006
    risk 0.03 | cvss n/a | epss 0.02

    Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.