CVE-2024-0695 – EFS Easy Chat Server HTTP GET Request denial of service
https://notcve.org/view.php?id=CVE-2024-0695
A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html https://vuldb.com/?ctiid.251480 https://vuldb.com/?id.251480 https://www.exploitalert.com/view-details.html?id=40072 https://www.youtube.com/watch?v=nGyS2Rp5aEo • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-4495 – Easy Chat Server XSS vulnerability
https://notcve.org/view.php?id=CVE-2023-4495
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. Easy Chat Server, en su versión 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a través de /registresult.htm (método POST), en el parámetro Resume. El XSS se carga desde /register.ghp. Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross site scripting vulnerabilities. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4497 – Easy Chat Server XSS vulnerability
https://notcve.org/view.php?id=CVE-2023-4497
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. Easy Chat Server, en su versión 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a través de /registresult.htm (método POST), en el parámetro Icon. El XSS se carga desde /users.ghp. Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross site scripting vulnerabilities. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4496 – Easy Chat Server XSS vulnerability
https://notcve.org/view.php?id=CVE-2023-4496
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. Easy Chat Server, en su versión 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) almacenada a través de /body2.ghp (método POST), en el parámetro mtowho. Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross site scripting vulnerabilities. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4494 – Easy Chat Server Stack-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-4494
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. Vulnerabilidad de desbordamiento del búfer en la versión 3.1 de Easy Chat Server. Un atacante podría enviar un nombre de usuario excesivamente largo al archivo register.ghp solicitando el nombre mediante una solicitud GET, lo que provocaría la ejecución de código arbitrario en la máquina remota. Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross site scripting vulnerabilities. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •