quake software vulnerabilities
vulnerabilities.aspcode.net
Searching quake software vulnerabilities
Quake 1 server responds to an initial UDP game
connection
|
attackers
|
amplifier
|
spoofing
|
responds
|
traffic
|
"Smurf"
|
request
|
another
|
initial
|
remote
|
server
|
allows
|
attack
|
amount
|
style
|
large
|
which
|
Quake
|
host
|
game
|
use
|
UDP
|
Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.
Quake 2 server 3.13 on Linux does not properly
server
|
Quake
|
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
Quake 2 server allows remote attackers to cause
attackers
|
spoofed
|
address
|
service
|
source
|
packet
|
denial
|
server
|
allows
|
remote
|
cause
|
Quake
|
via
|
UDP
|
Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.
Buffer overflows in Quake 1.9 client allows rem
malicious
|
arbitrary
|
overflows
|
commands
|
servers
|
execute
|
client
|
Buffer
|
remote
|
allows
|
Quake
|
long
|
via
|
Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
Quake 1 and NetQuake servers allow remote attac
attackers
|
NetQuake
|
servers
|
service
|
denial
|
remote
|
Quake
|
allow
|
cause
|
Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
Quake 3 arena 1.29f and 1.29g allows remote att
attackers
|
service
|
remote
|
denial
|
allows
|
arena
|
Quake
|
cause
|
129g
|
129f
|
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
Quake 2 (Q2) server 3.20 and 3.21 allows remote
Quake
|
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
Quake II server before R1Q2, as used in multipl
attackers
|
multiple
|
products
|
service
|
allows
|
remote
|
denial
|
before
|
server
|
cause
|
Quake
|
R1Q2
|
used
|
Quake II server before R1Q2, as used in multiple products, allows remote attackers cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
Buffer overflow in command-packet processing of
command-packet
|
processing
|
attackers
|
multiple
|
products
|
overflow
|
service
|
Buffer
|
allows
|
remote
|
before
|
denial
|
server
|
cause
|
Quake
|
R1Q2
|
used
|
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Absolute path traversal vulnerability in Quake
vulnerability
|
demonstrated
|
\/servercfg"
|
arbitrary
|
"download
|
attackers
|
traversal
|
multiple
|
products
|
argument
|
Absolute
|
pathname
|
Windows
|
remote
|
server
|
before
|
allows
|
files
|
Quake
|
path
|
R1Q2
|
used
|
read
|
"\/"
|
via
|
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Absolute path traversal vulnerability in Quake
vulnerability
|
attackers
|
traversal
|
multiple
|
products
|
Absolute
|
service
|
remote
|
allows
|
server
|
denial
|
before
|
cause
|
Quake
|
Linux
|
path
|
used
|
R1Q2
|
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Quake II server before R1Q2, as used in multipl
attackers
|
multiple
|
products
|
service
|
allows
|
remote
|
denial
|
before
|
server
|
cause
|
Quake
|
R1Q2
|
used
|
Quake II server before R1Q2, as used in multiple products, allows remote attackers cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Multiple buffer overflows in Quake II server be
overflows
|
products
|
Multiple
|
service
|
denial
|
buffer
|
server
|
before
|
users
|
cause
|
local
|
Quake
|
allow
|
R1Q2
|
used
|
Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
The Quake 3 engine, as used in multiple game pa
attackers
|
multiple
|
packages
|
service
|
remote
|
denial
|
allows
|
engine
|
cause
|
Quake
|
used
|
game
|
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Quake 3 engine, as used in multiple games, allo
attackers
|
multiple
|
service
|
remote
|
denial
|
allows
|
engine
|
Quake
|
cause
|
games
|
used
|
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
Format string vulnerability in Lithium II mod 1
vulnerability
|
Lithium
|
Format
|
string
|
mod
|
Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname.
Directory traversal vulnerability in Quake 3 en
vulnerability
|
Wolfenstein
|
including
|
traversal
|
Directory
|
products
|
Castle
|
Return
|
Quake3
|
engine
|
Quake
|
Arena
|
used
|
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
Buffer overflow in the Quake 3 Engine, as used
overflow
|
Engine
|
Buffer
|
Quake
|
used
|
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
The Automatic Downloading option in the id3 Qua
Downloading
|
Automatic
|
Icculus
|
Engine
|
option
|
Quake
|
id3
|
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
client/cl_parse.c in the id3 Quake 3 Engine 1.3
client/cl_parsec
|
Icculus
|
Engine
|
Quake
|
132c
|
id3
|
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Software vulnerabilities results 1 to 20 of 28
Page:
1
2
►