14 matches found
Half-Life StatsMe 2.6.x Plug-in MakeStats Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6578/info The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...
UPDATE: Format String Vulnerability in Valve's CS-Source
In-Reply-To: [email protected] Hi, i just found out, that u can also use it remotely against the server without any knowledge of the rcon-password! just do the following: type 'name "n"' without ' to console and wait until you get killed. The server will be killed,...
[VSA0308] Half-Life AMX-Mod remote (root) hole
void.at Security Advisory VSA0308 - mailto:crew at void dot at AMX1 is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others. Overview ======== Due to a format string bug in AMX, it is possible for a remote attacker who knows the...
[VSA0302] Half-Life Adminmod remote (root) hole
void.at Security Advisory VSA0302 Adminmod1 is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others. Overview ======== Due to a format string bug in adminmod, it is possible for a remote attacker who knows the rcon-password to remotely...
[VSA0303] Half-Life StatsMe remote (root) hole
void.at Security Advisory VSA0303 Overview ======== "statsme"1 is a popular plugin for the Half-Life Dedicated Server hlds. hlds is not only the server for the most popular online game today, "Counter-Strike", but for many other games too. Two security bugs in statsme make it possible to execute...
[VSA0301] Half-Life Clanmod remote (root) hole
void.at Security Advisory VSA0301 Clanmod1 is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others. Overview ======== Due to a format string bug in clanmod, it is possible for a remote attacker who knows the rcon-password to remotely...
Half-Life StatsMe 2.6.x Plugin - CMD_ARGV Buffer Overflow
Half-Life StatsMe 2.6.x Plugin - CMD_ARGV Buffer Overflow // source: https://www.securityfocus.com/bid/6575/info // The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the...
Half-Life StatsMe 2.6.x Plugin - MakeStats Format String
Half-Life StatsMe 2.6.x Plugin - MakeStats Format String // source: https://www.securityfocus.com/bid/6578/info // The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the...
Half-Life StatsMe 2.6.x Plugin - MakeStats Format String
// source: https://www.securityfocus.com/bid/6578/info // The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context o...
Half-Life StatsMe 2.6.x Plugin - CMD_ARGV Buffer Overflow
// source: https://www.securityfocus.com/bid/6575/info // The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context of...
Information leakage in Quake2
It's possible to retrieve any server variable values, including $rconpassword, by using a modified client without $-variable expansion...
Remote quake 2 3.2x server cvar leak
Hello, A problem exists in the Quake II Server for any OS probably all versions; tested 3.20 and 3.21 discovered by 'Redix' that allows server cvars containing sensitive information to be leaked. This has been known for a little over 2 months, I run several Q2 servers and only learned of it today...
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution
// source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible to remotely bypass authentication. In order for this to be exploited, the attacker would have ...
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution // source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible ...