12 matches found
CVE-2017-20205 Valve Source SDK Stack-Based Buffer Overflow RCE
Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...
EUVD-2020-4557
Malware in sbrugna...
CVE-2020-12242
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
Cybersecurity researchers have discovered a new botnet malware family called Gorilla aka GorillaBot that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with...
Valve Source Elevation of Privilege Vulnerability
Valve Source is a 3D game engine from the American company Valve. A security vulnerability exists in Valve Source. The vulnerability stems from a failure of a properly programmed call to an advanced native procedure. A local attacker can exploit the vulnerability by writing a file to...
CVE-2020-12242
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...
Design/Logic Flaw
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...
CVE-2020-12242
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...
CVE-2020-12242
CVE-2020-12242 affects Valve Source Engine (Valve) where a local attacker can gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. Public references in connected documents indicate exploitation against Source Engine CS:GO Bu...
Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant
A new Gafgyt variant is adding vulnerable internet of things IoT devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service DoS attacks against the Valve Source Engine, a video game engine...
Valve: [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution
Title: CS:GO Unchecked texture file name with TEXTUREFLAGSDEPTHRENDERTARGET can lead to Remote Code Execution Scope: csgo.exe Weakness: Stack Overflow Severity: High 8.0 Link: https://hackerone.com/reports/550625 Date: 2019-04-29 17:52:46 +0000 By: @nyancat0131 Details: Summary A texture with lon...
Valve Software Source Engine - Format String
source: https://www.securityfocus.com/bid/36061/info Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrar...