Aitezaz Mohsin - Security Researcher - Exploit Intelligence Platform

CVE-2017-9557 EXPLOITDB HIGH python WORKING POC

EFS Software Easy Chat Server <3.1 - Info Disclosure

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

CVSS 7.5

View Code

CVE-2017-9544 EXPLOITDB CRITICAL python WORKING POC

EFS Software Easy Chat Server <3.1 - Buffer Overflow

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

CVSS 9.8

View Code

CVE-2017-9543 EXPLOITDB HIGH python WORKING POC

EFS Software Easy Chat Server <3.1 - RCE

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.

CVSS 7.5

View Code

CVE-2017-9544 METASPLOIT CRITICAL ruby WORKING POC

EFS Software Easy Chat Server <3.1 - Buffer Overflow

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

CVSS 9.8

View Code