Fundamental Security Concepts and Best Practices Every Game Developer Should Know

Gaming is now the world’s favorite form of entertainment, with Newzoo reporting that by 2023 there will be more than three billion gamers across the planet. With the growth of multiplayer games, however, the number of cheaters has also increased. A study by The New York Times found that almost 50...

CVE-2021-34644

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...

CVE-2021-34644

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...

CVE-2021-34644 Multiplayer Games <= 3.7 Reflected Cross-Site Scripting

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...

CVE-2021-34644

The CVE-2021-34644 entry relates to the WordPress plugin Multiplayer Games, affected up to version 3.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by the use of $_SERVER['PHP_SELF'] in the multiplayergames.php file, enabling attackers to inject arbitrary web scripts. ...

CVE-2021-34644 Multiplayer Games <= 3.7 Reflected Cross-Site Scripting

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Multiplayer Games. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerabili...

Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts...

WordPress Multiplayer Games plugin <= 3.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Multiplayer Games plugin versions = 3.7. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

Multiplayer Dots and Boxes - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities

HackApp vulnerability scanner discovered that application Multiplayer Dots and Boxes published at the 'play' market has multiple vulnerabilities...

MGASA-2015-0154 Updated wesnoth packages fix CVE-2015-0844

Updated wesnoth packages fix security vulnerability A severe security vulnerability in Battle of Wesnoth's game client was found which could allow a malicious user to obtain personal files and information from other players in networked multiplayer games using the built-in WML/Lua API on any...

Game Maker: 40 Percent of iTunes App Purchases Are Fraud

A Hong Kong based developer of games for mobile devices says that its online, multi player games are being besieged by users making fraudulent purchases from compromised iTunes accounts and says that iPhone maker Apple has turned a deaf ear to its efforts cut off the bogus activity. In an e-mail...

Microsoft DirectPlay Denial of Service (CVE-2004-0202)

DirectPlay is a network protocol component of the DirectX game library. It provides networking functionality for developers who wish to develop networked applications, generally multi-player games. There exists a denial of service vulnerability in the IDirectPlay4 application programming interfac...

GLSA-200603-11 : Freeciv: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200603-11 Freeciv: Denial of Service Luigi Auriemma discovered that Freeciv could be tricked into the allocation of enormous chunks of memory when trying to uncompress malformed data packages, possibly leading to an out of memory...

Gamespy cd-key validation system: &quot;Cd-key in use&quot; DoS versus many games

Luigi Auriemma Application: Gamespy cd-key validation system http://www.gamespy.net Games: The amount of games that use this system is really huge, a small list maintained by me is available here: http://aluigi.altervista.org/papers/gshlist.txt An official list of games that use the Gamespy stuff...

Format string bug in EpicGames Unreal engine

Luigi Auriemma Application: Unreal engine http://unreal.epicgames.com Games: - America's Army - DeusEx - Devastation - Magic Battlegrounds - Mobile Forces - Nerf Arena Blast - Postal 2 - Rainbow Six: Raven Shield - Rune - Sephiroth: 3rd episode the Crusade - Star Trek: Klingon Honor Guard -...

Valve Software Half-Life Server 3.1.1.0 - Multiplayer Request Buffer Overflow

// source: https://www.securityfocus.com/bid/8300/info // Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer...