168 matches found
OpenPanel 安全漏洞
Open Panel is an open source game server control panel. An elevation of privilege vulnerability exists in Open Panel. An attacker can exploit this vulnerability to escalate privileges via the Fix Privileges feature...
CVE-2024-56517
LGSL (Live Game Server List) is affected by CVE-2024-56517 with a reflected XSS in the Referer header affecting versions up to 6.2.1. Attackers can inject arbitrary JavaScript that is echoed back into an HTML attribute in the response due to insufficient sanitization. The issue is caused by using...
PT-2024-36827 · Lgsl · Lgsl
Name of the Vulnerable Software and Affected Versions: LGSL Live Game Server List versions up to and including 6.2.1 Description: The issue is related to a reflected cross-site scripting vulnerability in the Referer HTTP header. This vulnerability allows attackers to inject arbitrary JavaScript...
LGSL 跨站脚本漏洞
LGSL Live Game Server List is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL version 6.2.1, which stems from the inclusion of a reflective cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
GHSA-XX95-62H6-H7V3 lgsl Stored Cross-Site Scripting vulnerability
Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...
LGSL 跨站脚本漏洞
LGSL Live Game Server List is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL versions prior to 7.0.0, which stems from vulnerability to cross-site scripting attacks...
CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...
CVE-2023-49078
CVE-2023-49078 affects raptor-web, a CMS for game server communities. Version 0.4.4 is vulnerable to a reflected cross-site scripting (XSS) flaw where a user-controlled URL parameter is loaded into an internal template with autoescape disabled, enabling script execution for victims who click a cr...
CVE-2023-38312
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client with remote control access to a game server to read arbitrary files from the underlying server via the motdfile console variable...
Directory traversal
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client with remote control access to a game server to read arbitrary files from the underlying server via the motdfile console variable...
CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...
CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...
CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...
CVE-2023-35855
CVE-2023-35855 is a buffer overflow in Counter-Strike versions through 8684 that allows a game server to run arbitrary code on a remote client by modifying the lservercfgfile console variable. The root cause is a memory corruption condition enabling code execution with network access and no user ...
MGASA-2023-0005 Updated minetest packages fix security vulnerability
This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...
Pterodactyl Cross-Site Request Forgery Vulnerability (CNVD-2021-90852)
Pterodactyl is an open source game server management panel built using PHP, Nodejs and Go. A cross-site request forgery vulnerability exists in Pterodactyl, which stems from the lack of proper CSRF protection in the product's routing configuration. An attacker could exploit the vulnerability to...
CVE-2021-41176
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...
CVE-2021-24662
The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...
CVE-2021-24662
The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...