Lucene search
+L

168 matches found

CNNVD
CNNVD
added 2025/03/08 12:0 a.m.6 views

OpenPanel 安全漏洞

Open Panel is an open source game server control panel. An elevation of privilege vulnerability exists in Open Panel. An attacker can exploit this vulnerability to escalate privileges via the Fix Privileges feature...

8CVSS7.4AI score0.00421EPSS
Exploits2References5
CVE
CVE
added 2024/12/30 4:36 p.m.70 views

CVE-2024-56517

LGSL (Live Game Server List) is affected by CVE-2024-56517 with a reflected XSS in the Referer header affecting versions up to 6.2.1. Attackers can inject arbitrary JavaScript that is echoed back into an HTML attribute in the response due to insufficient sanitization. The issue is caused by using...

5.3CVSS5.8AI score0.0061EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.6 views

PT-2024-36827 · Lgsl · Lgsl

Name of the Vulnerable Software and Affected Versions: LGSL Live Game Server List versions up to and including 6.2.1 Description: The issue is related to a reflected cross-site scripting vulnerability in the Referer HTTP header. This vulnerability allows attackers to inject arbitrary JavaScript...

5.3CVSS6.2AI score0.0061EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.5 views

LGSL 跨站脚本漏洞

LGSL Live Game Server List is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL version 6.2.1, which stems from the inclusion of a reflective cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...

5.3CVSS5.9AI score0.0061EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/26 9:59 p.m.8 views

CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

5.3CVSS5.2AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2024/12/26 8:20 p.m.5 views

GHSA-XX95-62H6-H7V3 lgsl Stored Cross-Site Scripting vulnerability

Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...

5.3CVSS5.1AI score0.00435EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/26 12:0 a.m.5 views

LGSL 跨站脚本漏洞

LGSL Live Game Server List is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL versions prior to 7.0.0, which stems from vulnerability to cross-site scripting attacks...

5.3CVSS5.8AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 5:34 p.m.16 views

CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

6.4CVSS6.1AI score0.00394EPSS
Exploits0References5
CVE
CVE
added 2023/11/28 6:15 p.m.45 views

CVE-2023-49078

CVE-2023-49078 affects raptor-web, a CMS for game server communities. Version 0.4.4 is vulnerable to a reflected cross-site scripting (XSS) flaw where a user-controlled URL parameter is loaded into an internal template with autoescape disabled, enabling script execution for victims who click a cr...

6.1CVSS5.6AI score0.00454EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/10/15 7:15 p.m.31 views

CVE-2023-38312

A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client with remote control access to a game server to read arbitrary files from the underlying server via the motdfile console variable...

7.5CVSS7.5AI score0.00766EPSS
Exploits0References1
Prion
Prion
added 2023/10/15 7:15 p.m.23 views

Directory traversal

A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client with remote control access to a game server to read arbitrary files from the underlying server via the motdfile console variable...

5CVSS7.5AI score0.00766EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/19 4:15 a.m.18 views

CVE-2023-35855

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...

9.8CVSS9.8AI score0.01069EPSS
Exploits1References1
OSV
OSV
added 2023/06/19 4:15 a.m.3 views

CVE-2023-35855

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...

9.8CVSS6.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/19 4:15 a.m.4 views

CVE-2023-35855

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable...

9.8CVSS6.4AI score0.01069EPSS
Exploits1References2
CVE
CVE
added 2023/06/19 12:0 a.m.103 views

CVE-2023-35855

CVE-2023-35855 is a buffer overflow in Counter-Strike versions through 8684 that allows a game server to run arbitrary code on a remote client by modifying the lservercfgfile console variable. The root cause is a memory corruption condition enabling code execution with network access and no user ...

9.8CVSS9.8AI score0.01069EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/13 5:37 p.m.7 views

MGASA-2023-0005 Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

10CVSS9.4AI score0.02195EPSS
Exploits0References7
CNVD
CNVD
added 2021/11/22 12:0 a.m.19 views

Pterodactyl Cross-Site Request Forgery Vulnerability (CNVD-2021-90852)

Pterodactyl is an open source game server management panel built using PHP, Nodejs and Go. A cross-site request forgery vulnerability exists in Pterodactyl, which stems from the lack of proper CSRF protection in the product's routing configuration. An attacker could exploit the vulnerability to...

4.3CVSS2.3AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 2021/10/25 5:15 p.m.29 views

CVE-2021-41176

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...

4.3CVSS0.00503EPSS
Exploits0References3
NVD
NVD
added 2021/10/25 2:15 p.m.15 views

CVE-2021-24662

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...

7.2CVSS0.013EPSS
Exploits2References1
OSV
OSV
added 2021/10/25 2:15 p.m.3 views

CVE-2021-24662

The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page...

7.2CVSS5.8AI score0.013EPSS
Exploits2References1
Rows per page
Query Builder