1046 matches found
CVE-2006-6108
Cross-site scripting XSS vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
CVE-2006-6108
CVE-2006-6108 affects EC-CUBE prior to 1.0.1a-beta. It is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. The vulnerability can cause browsers to execute injected scripts, which could lead to user data expo...
CVE-2006-6108
Cross-site scripting XSS vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
JVN#61543834 EC-CUBE cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected EC-CUBE v1.0.0 and earlier For more information, refer to the vendor's website...
Integer overflow
Integer signedness error in the enetprotocolhandleincomingcommands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including 1 Cube, 2 Sauerbraten, and 3 Duke3dw32, allows remote attackers to cause a denial of service application crash via a packet wi...
CVE-2006-1194
The CVE-2006-1194 entry concerns an integer signedness error in the ENet library’s enet_protocol_handle_incoming_commands (protocol.c) affecting CVS-version Jul 2005 and earlier. It is used by products including Cube, Sauerbraten, and Duke3d_w32. The flaw allows a remote attacker to cause an appl...
GLSA-200603-10 : Cube: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200603-10 Cube: Multiple vulnerabilities Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length of the supplie...
Cube: Multiple vulnerabilities
Background Cube is an open source first person shooter game engine supporting multiplayer via LAN or internet. Description Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr function CVE-2006-1100 and that the sgetstr and getint functions fail to verify the length...
CVE-2006-1100
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
Design/Logic Flaw
Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...
Out-of-bounds
The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...
Null pointer dereference
engine/server.cpp in Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service segmentation fault via a client that does not completely join the game and times out, which results in a null pointer dereference...
CVE-2006-1101
The 1 sgetstr and 2 getint functions in Sauerbraten 20060228, as derived from the Cube engine, allow remote attackers to cause a denial of service segmentation fault via long streams of input data that trigger an out-of-bounds read, as demonstrated using SVEXT tag data in the Cube engine, which i...
CVE-2006-1100
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
CVE-2006-1101
The CVE-2006-1101 entry affects Cube (Sauerbraten 2006_02_28) via a failure to verify input length in sgetstr()/getint(), enabling remote attackers to trigger an out-of-bounds read and cause a denial of service. Connected advisories confirm the issue in Cube’s sgetstr and getint functions and not...
CVE-2006-1100
CVE-2006-1100 concerns a buffer overflow in the sgetstr function in shared/cube.h of Sauerbraten (Cube engine) before and including 2006-02-28. The vulnerability can be triggered by long input streams, potentially allowing a remote attacker to execute arbitrary code with the privileges of the run...
CVE-2006-1102
Sauerbraten 20060228, as derived from the Cube engine, allows remote attackers to cause a denial of service client exit by forcing the server to change to a map ogz file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension...
Multiple Cube / Sauerbraten game engines vulnerabilities
Multiple buffer overflows and DoS conditions...
Multiple vulnerabilities in Cube engine 2005_08_29
Luigi Auriemma Application: Cube engine http://www.cubeengine.com Versions: = 20050829 Platforms: Windows, nix, BSD and MacOS Bugs: A sgetstr buffer-overflow B invalid memory access C clients crash through invalid map Exploitation: remote, versus both server and clients Date: 06 Mar 2006 Author:...
Cube <= 2005_08_29 Multiple BoF/Crash Vulnerabilities Exploit
Exploit for unknown platform in category dos / poc ============================================================= Cube include include include define VER "0.1" define PORT 28765 define MAXTRANS 5000 define BOFSZ MAXTRANS + 2400 define MAPSUX...