Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant

A new Gafgyt variant is adding vulnerable internet of things IoT devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service DoS attacks against the Valve Source Engine, a video game engine...

Valve: [CS 1.6] Map cycle abuse allows arbitrary file read/write

The CS 1.6 server has a feature of map cycle - i.e. automatic map change after specified period of time. This feature relies on data of the file specified in mapcyclefile cvar. Any user with RCON access to the server can set this variable to arbitrary value - no input sanitization applies. In ord...

Valve: [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution

Title: CS:GO Unchecked texture file name with TEXTUREFLAGSDEPTHRENDERTARGET can lead to Remote Code Execution Scope: csgo.exe Weakness: Stack Overflow Severity: High 8.0 Link: https://hackerone.com/reports/550625 Date: 2019-04-29 17:52:46 +0000 By: @nyancat0131 Details: Summary A texture with lon...

Valve: [Source Engine] Material path truncation leads to Remote Code Execution

Title: Source Engine Material path truncation leads to Remote Code Execution Scope: .exe Weakness: Improper Input Validation Severity: High 7.1 Link: https://hackerone.com/reports/544096 Date: 2019-04-20 12:18:09 +0000 By: @nyancat0131 Details: Summary The handler of matcrosshairedit command...

WebKit Homologation Policy Security Bypass Vulnerability

WebKit is KDE, Apple Apple, Google Google and other companies to develop a set of open source Web browser engine , currently used by Apple Safari and Google Chrome and other browsers . WebKit suffers from a same-origin policy security bypass vulnerability. An attacker can exploit this vulnerabili...

Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2017-29710)

Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

Moderate: Red Hat Security Advisory: docker security and bug fix update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Valve Software Source Engine - Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36061/info Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may...

Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target URL, IP, or HASH or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com,...

SourceBans 1.4.8 - SQL Injection Local File Inclusion Injection

SourceBans 1.4.8 - SQL Injection Local File Inclusion Injection Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF...

SourceBans 1.4.8 Local File Inclusion / SQL Injection

Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF...

SourceBans <= 1.4.8 SQL/LFI Injection

Exploit for php platform in category web applications Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF 0day.today 2018-04-04...

SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection

Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF...

Valve Software Source Engine - Format String

source: https://www.securityfocus.com/bid/36061/info Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrar...

Valve Software Source Engine - Format String

Valve Software Source Engine - Format String source: https://www.securityfocus.com/bid/36061/info Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attack...