Echatserver: >> Easy Chat Server >> 3.0 Security Vulnerabilities
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-06-12
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-06-12
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.483
Published
2017-06-12