Lucene search
K

1046 matches found

NVD
NVD
added 2006/11/26 10:7 p.m.14 views

CVE-2006-6108

Cross-site scripting XSS vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...

4.3CVSS5.7AI score0.01262EPSS
Exploits0References6
CVE
CVE
added 2006/11/26 10:0 p.m.48 views

CVE-2006-6108

CVE-2006-6108 affects EC-CUBE prior to 1.0.1a-beta. It is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. The vulnerability can cause browsers to execute injected scripts, which could lead to user data expo...

4.3CVSS5.9AI score0.01262EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/11/26 10:0 p.m.21 views

CVE-2006-6108

Cross-site scripting XSS vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...

5.7AI score0.01262EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/17 12:0 a.m.25 views

JVN#61543834 EC-CUBE cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected EC-CUBE v1.0.0 and earlier For more information, refer to the vendor's website...

6.9AI score
Exploits0
Prion
Prion
added 2006/03/13 10:2 p.m.16 views

Integer overflow

Integer signedness error in the enetprotocolhandleincomingcommands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including 1 Cube, 2 Sauerbraten, and 3 Duke3dw32, allows remote attackers to cause a denial of service application crash via a packet wi...

5CVSS7.4AI score0.04318EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2006/03/13 10:0 p.m.46 views

CVE-2006-1194

The CVE-2006-1194 entry concerns an integer signedness error in the ENet library’s enet_protocol_handle_incoming_commands (protocol.c) affecting CVS-version Jul 2005 and earlier. It is used by products including Cube, Sauerbraten, and Duke3d_w32. The flaw allows a remote attacker to cause an appl...

5CVSS6.8AI score0.04318EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.26 views

GLSA-200603-10 : Cube: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200603-10 Cube: Multiple vulnerabilities Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length of the supplie...

7.5CVSS6.2AI score0.08114EPSS
Exploits3References4
Gentoo Linux
Gentoo Linux
added 2006/03/13 12:0 a.m.26 views

Cube: Multiple vulnerabilities

Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...

7.5CVSS7.7AI score0.08114EPSS
Exploits3
NVD
NVD
added 2006/03/09 1:6 p.m.21 views

CVE-2006-1100

Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...

7.5CVSS7.8AI score0.08114EPSS
Exploits1References12
Prion
Prion
added 2006/03/09 1:6 p.m.19 views

Design/Logic Flaw

Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...

5CVSS6.9AI score0.04596EPSS
Exploits1References12Affected Software2
Prion
Prion
added 2006/03/09 1:6 p.m.20 views

Out-of-bounds

The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...

5CVSS6.9AI score0.04988EPSS
Exploits1References11Affected Software2
Prion
Prion
added 2006/03/09 1:6 p.m.12 views

Null pointer dereference

engine/server.cpp in Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service segmentation fault via a client that does not completely join the game and times out, which results in a null pointer dereference...

5CVSS7.1AI score0.07012EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2006/03/09 1:6 p.m.15 views

CVE-2006-1101

The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...

5CVSS6.5AI score0.04988EPSS
Exploits1References11
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.28 views

CVE-2006-1100

Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...

7.8AI score0.08114EPSS
Exploits1References12
CVE
CVE
added 2006/03/09 11:0 a.m.51 views

CVE-2006-1101

The CVE-2006-1101 entry affects Cube (Sauerbraten 2006_02_28) via a failure to verify input length in sgetstr()/getint(), enabling remote attackers to trigger an out-of-bounds read and cause a denial of service. Connected advisories confirm the issue in Cube’s sgetstr and getint functions and not...

5CVSS6.5AI score0.04988EPSS
Exploits1References11Affected Software2
CVE
CVE
added 2006/03/09 11:0 a.m.40 views

CVE-2006-1100

CVE-2006-1100 concerns a buffer overflow in the sgetstr function in shared/cube.h of Sauerbraten (Cube engine) before and including 2006-02-28. The vulnerability can be triggered by long input streams, potentially allowing a remote attacker to execute arbitrary code with the privileges of the run...

7.5CVSS7.8AI score0.08114EPSS
Exploits1References12Affected Software2
Cvelist
Cvelist
added 2006/03/09 11:0 a.m.25 views

CVE-2006-1102

Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...

6.5AI score0.04596EPSS
Exploits1References12
securityvulns
securityvulns
added 2006/03/07 12:0 a.m.39 views

Multiple Cube / Sauerbraten game engines vulnerabilities

Multiple buffer overflows and DoS conditions...

3AI score
Exploits0References2
securityvulns
securityvulns
added 2006/03/07 12:0 a.m.38 views

Multiple vulnerabilities in Cube engine 2005_08_29

Luigi Auriemma Application: Cube engine http://www.cubeengine.com Versions: = 20050829 Platforms: Windows, nix, BSD and MacOS Bugs: A sgetstr buffer-overflow B invalid memory access C clients crash through invalid map Exploitation: remote, versus both server and clients Date: 06 Mar 2006 Author:...

0.4AI score
Exploits0
0day.today
0day.today
added 2006/03/06 12:0 a.m.31 views

Cube <= 2005_08_29 Multiple BoF/Crash Vulnerabilities Exploit

Exploit for unknown platform in category dos / poc ============================================================= Cube include include include define VER "0.1" define PORT 28765 define MAXTRANS 5000 define BOFSZ MAXTRANS + 2400 define MAPSUX...

7AI score
Exploits0
Rows per page
Query Builder