13 matches found
EUVD-2015-5086
Malware in sbrugna...
Mageia: Security Advisory (MGASA-2015-0282)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-5069
The 1 filesystem::getwmllocation function in filesystem.cpp and 2 islegalfile function in filesystemboost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML...
Design/Logic Flaw
The 1 filesystem::getwmllocation function in filesystem.cpp and 2 islegalfile function in filesystemboost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to...
CVE-2015-5069
The 1 filesystem::getwmllocation function in filesystem.cpp and 2 islegalfile function in filesystemboost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML...
CVE-2015-5070
The CVE-2015-5070 entry concerns Battle for Wesnoth prior to 1.12.4 and 1.13.x before 1.13.1, where the functions filesystem::get_wml_location (filesystem.cpp) and is_legal_file (filesystem_boost.cpp) on case-insensitive filesystems could disclose sensitive information via vectors related to .pbl...
CVE-2015-5069
CVE-2015-5069 pertains to the Battle for Wesnoth game. The vulnerability affects versions prior to 1.12.3 and 1.13.x prior to 1.13.1, where two functions (filesystem::get_wml_location in filesystem.cpp and is_legal_file in filesystem_boost.cpp) could allow remote attackers to exfiltrate sensitive...
Mageia: Security Advisory (MGASA-2015-0283)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed usi...
Updated wesnoth packages fix security vulnerability
Toom Lõhmus discovered that the Lua API and preprocessor in the Battle for Wesnoth game up to version 1.12.2 included could lead to client-side authentication information disclosure using maliciously crafted files with the .pdb extension CVE-2015-5069, CVE-2015-5070. This issue has been fixed in...
wesnoth: information leakage
Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...
FreeBSD : wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension (2a8b7d21-1ecc-11e5-a4a5-002590263bf5)
Ignacio R. Morelle reports : As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over th...
wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension
Ignacio R. Morelle reports: As mentioned in the Wesnoth 1.12.4 and Wesnoth 1.13.1 release announcements, a security vulnerability targeting add-on authors was found bug 23504 which allowed a malicious user to obtain add-on server passphrases from the client's .pbl files and transmit them over the...