The complete archive of bugs found by me in chronological order (the first is the latest advisory released).

Short explanations of the broadcast client bug and socket unreachable/termination terms

Multiple vulnerabilities in WebMod 0.48
03 May 2008: english - webmodz

Denial of Service in Call of Duty 4 1.5
02 May 2008: english - PoC (requires sudppipe) - PoC for LAN - cod4statz

Denial of Service in eTrust Secure Content Manager r8
18 Apr 2008: english - PoC - ecsqdamn

Invalid memory access in CA ARCserve Backup 12.0.5454.0
17 Apr 2008: english - PoC - carcbackazz

Denial of Service in PunkBuster (22 Oct 2007)
16 Apr 2008: english - PoC - pbmsgsdos

Directory traversal in BigAnt Messenger 2.2
16 Apr 2008: english - biggayant

CGI source disclosure in Ruby WEBrick 1.9.0 (FAT/NTFS)
15 Apr 2008: english - webrickcgi

Reference advisory for old bugs in HP OpenView NNM 7.50/7.51
15 Apr 2008: english - closedview_old

NULL pointer in Nero MediaHome 3.3.3.0
12 Apr 2008: english - neromedia

Upload directory traversal in HP LoadRunner 9.10
12 Apr 2008: english - PoC - willycoyote

Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53
11 Apr 2008: english - closedviewx

Denial of Service in SmarterMail 5.0.2999
11 Apr 2008: english - dumbermail

Memory corruption in HP OpenView Network Node Manager 7.53
08 Apr 2008: english - PoC - closedview

Directory traversal in LANDesk Management Suite 8.80.1.1
01 Apr 2008: english - landesktftp

Directory traversal in 2X ThinClientServer v5.0_sp1-r3497
29 Mar 2008: english - thindirtrav

Denial of Service in SLMail Pro 6.3.1.0
29 Mar 2008: english - slmaildos

Multiple vulnerabilities in solidDB 06.00.1018
26 Mar 2008: english - PoC - soliduro

Buffer-overflow in ASUS Remote Console 2.0.0.24
21 Mar 2008: english - asuxdpc

Multiple heap overflows in xine-lib 1.1.11
20 Mar 2008: english - PoC - xinehof

Buffer-overflow in BootManage TFTPD 1.99
16 Mar 2008: english - bootixtftpd

Multiple vulnerabilities in Net Inspector 6.5.0.828
14 Mar 2008: english - netinsp

Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
12 Mar 2008: english - PoC - meccaffi

Vulnerabilities in Timbuktu Pro 8.6.5
10 Mar 2008: english - PoC - timbuto

Multiple vulnerabilities in ASG-Sentry 7.0.0
10 Mar 2008: english - asgulo

NULL pointer in Remotely Anywhere 8.0.668
08 Mar 2008: english - remotelynowhere

Directory traversal in Argon Client Management Services 1.31
08 Mar 2008: english - argonauti

Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076
08 Mar 2008: english - acropxe

Invalid memory access in Acronis True Image Group Server 1.5.19.191
08 Mar 2008: english - acrogroup

NULL pointer in Acronis True Image Windows Agent 1.0.0.54
08 Mar 2008: english - acroagent

Denial of Service in PacketTrap TFTP server 2.0.3901.0
08 Mar 2008: english - packettrash

Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13
07 Mar 2008: english - PoC - maildisable

Directory traversal in MicroWorld eScan Server 9.0.742.98
06 Mar 2008: english - escaz

Multiple vulnerabilities in Perforce Server 2007.3/143793
05 Mar 2008: english - PoC - perforces

Arbitrary commands execution in Versant Object Database 7.0.1.3
04 Mar 2008: english - PoC - versantcmd

Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03
03 Mar 2008: english - PoC - visibroken

Multiple vulnerabilities in Borland StarTeam MPX 6.7
02 Mar 2008: english - PoC - starteammpx

Multiple integer overflows in Borland StarTeam server 10.0.0.57
02 Mar 2008: english - PoC - starteamz

Denial of Service in SmsGate 1.1n
28 Feb 2008: english - smsgheit

Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
27 Feb 2008: english - PoC - officescaz

NULL pointer in SurgeFTP 2.3a2
25 Feb 2008: english - surgeftpizza

Format string and buffer-overflow in SurgeMail 38k4
25 Feb 2008: english - PoC - surgemailz

Multiple vulnerabilities in Double-Take 5.0.0.2865
22 Feb 2008: english - PoC - doubletakedown

Denial of Service in Zilab Remote Console Server 3.2.9
21 Feb 2008: english - PoC - zilabzrcsdos

Multiple vulnerabilities in Zilab Chat and Instant Messaging 2.1
21 Feb 2008: english - PoC - zilabzcsx

Heap overflow in Sybase MobiLink 10.0.1.3629
20 Feb 2008: english - PoC - mobilinkhof

Multiple buffer-overflows in NowSMS v2007.06.27
19 Feb 2008: english - PoC - nowsmsz

Directory traversal in SCI Chat v3.4.9
19 Feb 2008: english - scichatdt

Access violation and limited information disclosure in webcamXP 3.72.440.0
18 Feb 2008: english - webcamxp

NULL pointer crash in freeSSHd 1.20
17 Feb 2008: english - PoC - freesshdnull

Two heap overflows in Foxit WAC Server 2.0 Build 3503
16 Feb 2008: english - PoC - wachof

Directory traversal and DoS in WinIPDS G52-33-021
12 Feb 2008: english - winipds

Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11
11 Feb 2008: english - PoC - rpmlpdbof

Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105
11 Feb 2008: english - lstnpsx

Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x
11 Feb 2008: english - PoC - cyanuro

Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0
10 Feb 2008: english - sentinella

Multiple vulnerabilities in ExtremeZ-IP File and Printer Server 5.1.2x15
10 Feb 2008: english - PoC - ezipirla

NULL byte writing in Emerald, RadiusNT/X and Air Marshal
08 Feb 2008: english - emerdal

Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1
07 Feb 2008: english - PoC - ipsimene

Logs visualization in WS_FTP Server Manager 6.1.0.0
06 Feb 2008: english - wsftpweblog

Chat vulnerabilities in TinTin++ 1.97.9
06 Feb 2008: english - PoC - rintintin

Multiple vulnerabilities in WinCom LPD Total 3.0.2.623
04 Feb 2008: english - PoC - wincomalpd

Multiple vulnerabilities in SAPlpd 6.28 and SAPSprint 1018
04 Feb 2008: english - PoC - saplpdz

Socket termination in WS_FTP FTP Log Server 7.9.14.0
04 Feb 2008: english - ftplogsrvz

Denial of Service in Print Manager Plus 7.0.127.16
31 Jan 2008: english - pqcorez

Crash in BitTorrent 6.0.1 and uTorrent 1.7.6 through webui
27 Jan 2008: english - PoC - ruttorrent2

Multiple crashes in Steamcast 0.9.75
24 Jan 2008: english - steamcazz

Peers unicode overflow in BitTorrent 6.0 and uTorrent 1.7.5
16 Jan 2008: english - PoC - ruttorrent

Buffer-overflow in Quicktime Player 7.3.1.70
10 Jan 2008: english - PoC - quicktimebof

Pre-auth remote commands execution in SAP MaxDB 7.6.03.07
09 Jan 2008: english - PoC - sapone

rmff_dump_header heap-overflow in Xine 1.1.9
08 Jan 2008: english - xinermffhof

sdpplin_parse heap-overflow in VLC 0.8.6d
08 Jan 2008: english - vlcxhof

report buffer-overflow in xtacacsd 4.1.2
08 Jan 2008: english - PoC - xtacacsdz

Multiple vulnerabilities in yaSSL 1.7.5
04 Jan 2008: english - PoC - PoC_mySQL - yasslick

Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003
02 Jan 2008: english - PoC - gswsshit

Buffer-overflow and format string in White_Dune 0.29beta791
02 Jan 2008: english - PoC - whitedunboffs

Denial of Service in Pragma FortressSSH 5.0.4.293
02 Jan 2008: english - PoC - pragmassh

Denial of Service in Pragma TelnetServer 7.0.4.589
02 Jan 2008: english - PoC - pragmatel

Exception message in Seattle Lab Telnet Server 4.1.1.3758
02 Jan 2008: english - PoC - slnetmsg

Exception message in VanDyke VShell 3.0.3.569
02 Jan 2008: english - PoC - vshellmsg

Buffer-overflow in CoolPlayer 217
28 Dec 2007: english - culplayer

Buffer-overflow in Extended Module Player 2.5.1
27 Dec 2007: english - PoC - xmpbof

Multiple vulnerabilities in libnemesi 0.6.4-rc1
27 Dec 2007: english - PoC - libnemesibof

Multiple vulnerabilities in Feng 0.1.15
27 Dec 2007: english - PoC - fengulo

Unicode buffer-overflow in Zoom Player 6.00b2
24 Dec 2007: english - PoC - zoomprayer

Buffer-overflow and format string in VideoLAN VLC 0.8.6d
24 Dec 2007: english - PoC - vlcboffs

Double directory traversal in ImgSvr 0.6.21
24 Dec 2007: english - imgsvr

Buffer-overflow in WinUAE 1.4.4
21 Dec 2007: english - PoC - winuaebof

Array overflow in id3lib (devel CVS)
19 Dec 2007: english - PoC - id3libexec

Some buffer-overflows in ProWizard 1.62
19 Dec 2007: english - PoC - prowizbof

Two vulnerabilities in Cherokee r952 for Windows
17 Dec 2007: english - cherokaz

Heap overflow in PeerCast 0.1217 / SVN 344
17 Dec 2007: english - PoC - peercasthof

Multiple vulnerabilities in BarracudaDrive 3.7.2
10 Dec 2007: english - barradrive

Multiple vulnerabilities in BadBlue 2.72b
10 Dec 2007: english - badblue

Filesystem access in DOSBox 0.72
10 Dec 2007: english - PoC - dosboxxx

Upload directory traversal in Easy File Sharing 4.5
07 Dec 2007: english - PoC - efsup

Two vulnerabilities in Simple HTTPD 1.38
07 Dec 2007: english - shttpd

Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146)
05 Dec 2007: english - hfsup

Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699
03 Dec 2007: english - PoC - fireflyz

Two DoS in I Hear U 0.5.6
20 Nov 2007: english - PoC - ihudos

Static buffer overflow in Rigs of Rods 0.33d
19 Nov 2007: english - PoC - rorbof

Crash in LIVE555 Media Server 2007.11.01
18 Nov 2007: english - PoC - live555x

assert() DoS in World in Conflict 1.001
26 Oct 2007: english - PoC - wicassert

Clients buffer-overflow in Live for Speed 0.5Y
13 Oct 2007: english - PoC - lfscbof

NULL pointer crash in World in Conflict 1.000
09 Oct 2007: english - wicvoipnull

Format string in The Dawn of Time 1.69s beta4
05 Oct 2007: english - dawnfs

Multiple vulnerabilities in Dropteam 1.3.3
05 Oct 2007: english - PoC - dropteamz

Format string in the Doom 3 engine through PunkBuster
Doom 3, Quake 4, Prey, ...
01 Oct 2007: english - PoC - d3engfspb

Format string in F.E.A.R. 1.08 through PunkBuster
01 Oct 2007: english - PoC - fearfspb

Unexploitable buffer-overflow in America's Army 2.8.2 through PunkBuster
01 Oct 2007: english - PoC - aaboompb

Two buffer-overflows in FSD V2.052 d9 and FSFDT V3.000 d9
01 Oct 2007: english - fsdbof

Multiple vulnerabilities in the gMotor2 engine
F1 Challenge 99-02, rFactor, GT Legends, GTR, GTR 2, RACE, Race 07, BMW M3 Challenge, ...
19 Sep 2007: english - PoC - gmotor2

Format string and buffer-overflow in CellFactor Revolution 1.03
07 Sep 2007: english - PoC - cellfucktor

Format string and clients disconnection in Alien Arena 2007 6.10
05 Sep 2007: english - PoC - aa2k7x

Multiple vulnerabilities in Doomsday 1.9.0-beta5.1
29 Aug 2007: english - PoC - dumsdei

Heap overflow in Skulltag 0.97d-beta4.1
23 Aug 2007: english - PoC - skulltaghof

Multiple denial of service in Soldat 1.4.2/2.6.2
23 Aug 2007: english - PoC - soldatdos

Multiple vulnerabilities in Vavoom 1.24
23 Aug 2007: english - vaboom2

hell bell bug in odamex 0.2a
23 Aug 2007: english - odamexbell

Buffer-overflow in the Asura engine
Rogue Trooper, Prism: Guard Shield, ...
22 Aug 2007: english - PoC - asurabof

Unexploitable buffer-overflow in the logging function of the Unreal engine
18 Aug 2007: english - PoC - unrwebdos

Multiple vulnerabilities in Toribash 2.71
18 Aug 2007: english - PoC - toribashish

Multiple vulnerabilities in rFactor 1.250
18 Aug 2007: english - PoC - rfactorx

Multiple vulnerabilities in Live for Speed 0.5X10
14 Aug 2007: english - PoC - lfsbof

Multiple vulnerabilities in Babo Violent 2 2.08.00
14 Aug 2007: english - PoC - bv2x

Crash in Zoidcom 0.6.7
14 Aug 2007: english - PoC - zoidboom2

Details about the hlfreeze/hl-headnut/csdos/"Born to be pig" bugs
06 Apr 2007: english - PoC - hlfreeze/hl-headnut/csdos/Born to be pig

Pulseaudio 0.9.5 (rev 1437) termination
29 Mar 2007: english - PoC - pulsex

Multiple vulnerabilities in NAS 1.8a (svn 231)
18 Mar 2007: english - PoC - nasbugs

Buffer-overflow in Conquest client 8.2a (svn 691)
07 Mar 2007: english - italiano - conquestbof

Limited format string in Netrek 2.12.0
02 Mar 2007: english - italiano - PoC - netrekfs

Players disconnection in Simbin racing games
GTR - FIA GT Racing Game, GT Legends, GTR 2, RACE - The WTCC Game
21 Feb 2007: english - italiano - simbinzero

DoS and possible format string in Marathon Aleph One 16 Dec 2006
07 Jan 2007: english - PoC - alephonz

Buffer-overflow in ml_ipod 2.00p19
12 Dec 2006: english - mlipodbof

Multiple vulnerabilities in Winamp Web Interface 7.5.13
10 Dec 2006: english - italiano - wawix

In-game callvote map buffer-overflow in Call of Duty series
24 Sep 2006: english - italiano - codmapbof

Multiple buffer-overflows in libmusicbrainz 2.1.2
13 Aug 2006: english - italiano - PoC - brainzbof

Multiple buffer-overflows in AlsaPlayer 0.99.76
09 Aug 2006: english - italiano - PoC - alsapbof

Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8
09 Aug 2006: english - italiano - PoC - mptho

Buffer-overflow in Aqualung 0.9beta5 (CVS 0.193.2)
09 Aug 2006: english - italiano - PoC - aquabof

Heap corruption in Festalon 0.5.5
06 Aug 2006: english - italiano - PoC - festahc

Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)
06 Aug 2006: english - italiano - PoC - dconnx

Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5
31 Jul 2006: english - italiano - PoC - ocpbof

Bugs in BomberClone 0.11.6
30 Jul 2006: english - italiano - PoC - bcloneboom

Heap overflow in the GT2 loader of libmikmod 3.2.2
24 Jul 2006: english - italiano - PoC - lmmgt2ho

Format string bug in the gout console output of Game Networking Engine 0.70 (CVS 23 Jul 2006)
24 Jul 2006: english - italiano - gnefs

Buffer-overflow in the XM loader of Cheese Tracker 0.9.9
23 Jul 2006: english - italiano - PoC - cheesebof

Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006)
23 Jul 2006: english - italiano - freecivx

Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)
22 Jul 2006: english - italiano - warzonebof

Multiple vulnerabilities in UFO2000 svn 1057
16 Jul 2006: english - italiano - ufo2ko

Heap overflow in Dumb 0.9.3 through it_read_envelope
16 Jul 2006: english - italiano - PoC - dumbit

Crash and freeze in Armagetron Advanced 2.8.2
16 Jul 2006: english - italiano - atrondos

Format string bug in Sparklet 0.9.4try3
06 Jul 2006: english - italiano - sparkletfs

Possible code execution in Kaillera 0.86
06 Jul 2006: english - italiano - PoC - kailleraex

Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006)
06 Jul 2006: english - italiano - adplugbof

Format string bug and some DoS in Zig Game Engine 1.0.0 (CVS 24 Jun 2006)
06 Jul 2006: english - italiano - zigfs

Socket unreachable in Nascar Racing 4, 2002 and 2003 Season
02 Jul 2006: english - italiano - nascarzero

Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)
some of the possible vulnerable games/engines are listed here
27 Jun 2006: english - italiano - q3cfilevar

Format string and crash in Neoengine 0.8.2 (rev 3422)
27 Jun 2006: english - italiano - neoenginex

Client buffer-overflow in Quake 3 engine (1.32c / rev 795 / ...)
some of the possible vulnerable games/engines are listed here
02 Jun 2006: english - italiano - q3cbof

Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229)
23 May 2006: english - italiano - PoC - pbwebbof

Server termination in netPanzer 0.8 (rev 952)
23 May 2006: english - italiano - PoC - panza

Format string vulnerabilities in OpenBOR 2.0046
20 May 2006: english - italiano - borfs

Two heap overflows in libextractor 0.5.13 (rev 2832)
17 May 2006: english - italiano - PoC - libextho

Socket unreachable in GNUnet rev 2780
12 May 2006: english - italiano - gnunetzero

Multiple vulnerabilities in Outgun 1.0.3 bot 2
12 May 2006: english - italiano - PoC - outgunx

Server crash in Empire 4.3.2
12 May 2006: english - italiano - PoC - empiredos

Buffer-overflow and NULL pointer crash in Genecys 0.2
12 May 2006: english - italiano - PoC - genecysbof

Multiple vulnerabilities in Raydium rev 309
12 May 2006: english - italiano - PoC - raydiumx

Format string bug in Skulltag 0.96f
23 Apr 2006: english - italiano - PoC - skulltagfs

Denial of service bugs in OpenTTD 0.4.7
23 Apr 2006: english - italiano - PoC - openttdx

Buffer-overflow and crash in Fenice OMS 1.10
23 Apr 2006: english - italiano - fenicex

network_receive_packet and network_host_handle_join buffer-overflow in dimension3 1.5
23 Apr 2006: english - italiano - PoC - dim3bof

Buffer-overflow in Ultr@VNC 1.0.1 viewer and server
04 Apr 2006: english - italiano - PoC - uvncbof

Format string in Doomsday 1.8.6
03 Apr 2006: english - italiano - doomsdayfs

Buffer-overflow and in-game crash in Zdaemon 1.08.01 and X-Doom R6
31 Mar 2006: english - italiano - PoC - zdaebof

Socket unreachable and decompression buffer-overflow in Vavoom 1.19.1
26 Mar 2006: english - italiano - PoC - vaboom

Multiple vulnerabilities in csDoom 0.7
26 Mar 2006: english - italiano - PoC - csdoombof

Multiple vulnerabilities in ENet library (Jul 2005)
Cube, Sauerbraten, Duke3d_w32, Soccar, Ered Luin, breve, Enigma, The Mana World, Block Attack and many others
12 Mar 2006: english - italiano - PoC - enetx

Clients disconnection in GGZ Gaming Zone 0.0.12
12 Mar 2006: english - italiano - PoC - ggzcdos

Multiple vulnerabilities in Alien Arena 2006 GE 5.00
07 Mar 2006: english - italiano - PoC - aa2k6x

Out of memory crash in Freeciv 2.0.7
06 Mar 2006: english - italiano - PoC - freecivdos

Multiple vulnerabilities in Liero Xtreme 0.62b
06 Mar 2006: english - italiano - PoC - lieroxxx

Multiple vulnerabilities in Sauerbraten engine 2006_02_28
06 Mar 2006: english - italiano - PoC - sauerburn

Multiple vulnerabilities in Cube engine 2005_08_29
06 Mar 2006: english - italiano - PoC - evilcube

Server freeze in Monopd 0.9.3
03 Mar 2006: english - italiano - PoC - monopdx

Off-by-one in Tenes Empanadas Graciela 0.11.1
03 Mar 2006: english - italiano - tegob1

Soldier of Fortune II format string through PunkBuster < 1.180
16 Feb 2006: english - italiano - sof2pbfs

Buffer-overflow in Dual DHCP DNS Server 1.0
14 Jan 2006: english - italiano - PoC - dualsbof

BZFlag 2.0.4 server crash due to undelimited callsign
25 Dec 2005: english - italiano - PoC - bzflagboom

Buffer-overflow in GO-Global for Windows 3.1.0.3270
02 Nov 2005: english - italiano - PoC (server) - PoC (clients) - ggwbof

Buffer-overflow and directory traversal in Asus Video Security 3.5.0.0
02 Nov 2005: english - italiano - PoC - asusvsbugs

Multiple vulnerabilities in Scorched 3D 39.1
02 Nov 2005: english - italiano - PoC - scorchbugs

Limited directory traversal in NeroNET 1.2.0.2
02 Nov 2005: english - italiano - neronet

Buffer-overflow in Glider collect'n kill 1.0.0.0
02 Nov 2005: english - italiano - PoC - gliderbof

Buffer-overflow and crash in FlatFrag 0.3
02 Nov 2005: english - italiano - PoC - flatfragz

Player disconnection and server interruption in Blitzkrieg 2 1.21
02 Nov 2005: english - italiano - PoC - blitz2out

Socket termination in Battle Carry .005
02 Nov 2005: english - italiano - PoC - bcarrydos

Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100
30 Sep 2005: english - italiano - PoC - virtbugs

Server crash and motd deletion in MultiTheftAuto 0.5 patch 1
25 Sep 2005: english - italiano - PoC - mtaboom

Multiple vulnerabilities in BFCommand & Control Server Manager
BFCC <= 1.22_A and BFVCC <= 2.14_B
29 Aug 2005: english - italiano - PoC - bfccown

Server crash in Ventrilo 2.3.0
23 Aug 2005: english - italiano - PoC - ventboom

Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0
17 Aug 2005: english - italiano - PoC - chmpokbof

Format string and buffer-overflow in Sacrifice
01 Aug 2005: english - italiano - sacrifice

Broadcast format string and buffer-overflow in Race Driver 1.20
18 Jul 2005: english - italiano - rdrum

Endless loop in NetPanzer 0.8
13 Jul 2005: english - italiano - PoC - panzone

In-game /ignore crash in Soldier of Fortune II 1.03
29 Jun 2005: english - italiano - sof2ignore

Server termination in Raknet 2.33 (before 30 May 2005)
Elite Warriors: Vietnam, ...
05 Jun 2005: english - italiano - PoC - rakzero

Crash in Stronghold 2 1.2
30 May 2005: english - italiano - PoC - strong2boom

Buffer-overflow and crash in Terminator 3: War of the Machines 1.16
26 May 2005: english - italiano - PoC - t3wmbof

Buffer-overflow in C'Nedra 0.4.0
26 May 2005: english - italiano - PoC - cnedrabof

Endless loop in Halo 1.06
24 May 2005: english - italiano - PoC - haloloop

Format string and crash in Warrior Kings 1.3 and Battles 1.23
23 May 2005: english - italiano - PoC for WK - PoC for WKB - warkings

In-game server crash in War Times 1.03
17 May 2005: english - italiano - PoC - wartimesboom

Crash in Zoidcom 1.0 beta 4
10 May 2005: english - italiano - PoC - zoidboom

Gamespy cd-key validation system: "Cd-key in use" DoS versus many games
Players of the games Halo, Battlefield 1942 and Vietnam, Men of Valor, Painkiller, Star Wars Battlefront, Star Wars Republic Commando, Tribes: Vengeance and many others
04 May 2005: english - italiano - PoC (method 2) - PoC (method 1 for Gore 1.48) - gskeyinuse

Gamespy cd-key validation system: Cd-key never in use
04 May 2005: english - italiano - PoC - gskeydisc

Clients format string and server crash in Mtp-Target 1.2.2
01 May 2005: english - italiano - PoC - mtpbugs

In-game vulnerabilities in IGI 2: Covert Strike 1.3
14 Apr 2005: english - italiano - PoC - igi2bugs

Multiple vulnerabilities in Yager 5.24
14 Apr 2005: english - italiano - PoC - yagerbof

In-game server buffer-overflow in Jedi Academy 1.011
02 Apr 2005: english - italiano - PoC - jamsgbof

In-game server crash (buffer overrun) in Call of Duty 1.5b, United Offensive 1.51b, Call of Duty II 1.0
02 Apr 2005: english - italiano - PoC - codmsgboom

In-game players kicking in the Quake 3 engine
Call of Duty, Quake III Arena, Return to Castle Wolfenstein, Soldier of Fortune II, Star Wars Jedi Knight II: Jedi Outcast, Star Wars Jedi Knight: Jedi Academy and Wolfenstein: Enemy Territory
02 Apr 2005: english - italiano - PoC - q3msgboom

Buffer-overflow in Tincat 2 minor than 2.0.28
The Settlers: Heritage of Kings <= 1.02, Sacred <= 1.8.2.6 and others
28 Mar 2005: english - italiano - PoC - tincat2bof

Socket unreachable and crash in FunLabs games
Cabela's, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, US Most Wanted: Nowhere To Hide, ...
20 Mar 2005: english - italiano - PoC - funlabsboom

In-game format string in Xpand Rally 1.1.0.0
09 Mar 2005: english - italiano - PoC - xprallyfs

Client buffer-overflow in Chaser 1.50
04 Mar 2005: english - italiano - PoC - chasercool

Format string and crash in Carsten's 3D Engine (March 2004)
03 Mar 2005: english - italiano - PoC - ca3dex

Server termination in Scrapland 1.0
28 Feb 2005: english - italiano - PoC - scrapboom

In-game cl_guid crash in Soldier of Fortune II 1.03
24 Feb 2005: english - italiano - PoC - sof2guidboom

Multiple vulnerabilities in TrackerCam 5.12
18 Feb 2005: english - italiano - PoC - tcambof

Buffer-overflow in Bontago 1.1
18 Feb 2005: english - italiano - PoC - bontagobof

Directory traversal in Xinkaa web station 1.0.3
18 Feb 2005: english - xinkaa

Infostring crash and shutdown in the Quake 3 engine
Call of Duty, Quake III Arena, Return to Castle Wolfenstein, Soldier of Fortune II, Star Trek Voyager: Elite Force, Star Trek: Elite Force II, Star Wars Jedi Knight II: Jedi Outcast, Star Wars Jedi Knight: Jedi Academy, Wolfenstein: Enemy Territory, ...
12 Feb 2005: english - italiano - PoC - q3infoboom

Crashes and socket unreachable in Armagetron Advanced 0.2.7.0
10 Feb 2005: english - italiano - PoC 1 - PoC 2 - atron

Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994
08 Feb 2005: english - italiano - PoC RGS - PoC RGP - realarcade

Limited buffer-overflow in Painkiller 1.35
02 Feb 2005: english - italiano - PoC - painkkeybof

Broadcast crash in Xpand Rally 1.0.0.0
30 Jan 2005: english - italiano - PoC - xprallyboom

Local buffer-overflow in W32Dasm 8.93
24 Jan 2005: english - italiano - PoC - w32dasmbof

Arbitrary files overwriting through skins in DivX Player 2.6
21 Jan 2005: english - italiano - PoC - divxplayer

Socket termination in Halocon 2.0.0.81
16 Jan 2005: english - halocon

Server crash in Breed patch #1
13 Jan 2005: english - italiano - PoC - breedzero

Socket unreachable in Amp II engine
Gore, ...
06 Jan 2005: english - italiano - PoC - amp2zero

Socket termination, format string and XSS in Soldner Secret Wars 30830
04 Jan 2005: english - italiano - PoC - soldnerx

Socket unreachable in the Lithtech engine (new protocol)
Contract Jack 1.1, No one lives forever 2 1.3, Tron 2.0 1.042 and F.E.A.R. 1.02
13 Dec 2004: english - italiano - PoC - lithsock

Socket unreachable in Codename Eagle 1.42
11 Dec 2004: english - italiano - PoC - ceaglesock

In-game buffer-overflow in the Gamespy cd-key validation SDK
Some of the games listed here
10 Dec 2004: english - italiano - PoC for Gore - gskeysdk

Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2
07 Dec 2004: english - italiano - PoC - bfcboom

Multiple vulnerabilities in Kreed 1.05
02 Dec 2004: english - italiano - PoC - kreedexec

Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4
30 Nov 2004: english - italiano - PoC - janados

Buffer-overflow in Orbz 2.10
29 Nov 2004: english - italiano - PoC - orbzbof

Players overflow in Serious engine UDP
Alpha Black Zero, Nitro family and Serious Sam Second Encounter 1.07
28 Nov 2004: english - italiano - PoC - serious

Crash in Remote admin for Star wars battlefront (swbfraw32)
28 Nov 2004: english - swbfraw32

Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11
24 Nov 2004: english - italiano - PoC - swb

Broadcast memory corruption in Soldier of Fortune II 1.03 (refer to q3infoboom too)
23 Nov 2004: english - italiano - PoC - sof2boom

Broadcast client crash in Halo 1.05
22 Nov 2004: english - italiano - PoC - halocboom

Multiple vulnerabilities in Hired Team: Trial (Shine engine)
15 Nov 2004: english - italiano - hteam

Format string bug in Army Men RTS
14 Nov 2004: english - italiano - artsfs

Crash in Secure Network Messenger 1.4.2
12 Nov 2004: english - italiano - snmboom

Resources consumption in 602 Lan Suite 2004.0.04.0909
06 Nov 2004: english - italiano - PoC - 602res

In-game format string bug in the Lithtech engine
Alien vs Predator 2, Blood 2, Contract Jack, Global Operations, Kiss Psycho Circus, Legends of Might and Magic, No one lives forever, No one lives forever 2, Purge Jihad, Sanity, Shogo, Tron 2.0, F.E.A.R. 1.02 and others...
05 Nov 2004: english - italiano - lithfs

Directory traversal and DoS in Chesapeake TFTP Server 1.0
30 Oct 2004: english - PoC - cccitftp

Buffer-overflow and directory traversal in Allied Telesyn TFTP server 1.8
30 Oct 2004: english - PoC - attftp

Crashes in Master of Orion III 1.2.5
27 Oct 2004: english - italiano - PoC - moo3boom

Buffer-overflow in Age of Sail II 1.04.151
20 Oct 2004: english - italiano - PoC - aos2bof

Broadcast crash in Vypress Tonecast 1.3
19 Oct 2004: english - italiano - PoC - toneboom

Directory traversal in Yak! 2.1.2
15 Oct 2004: english - italiano - yak

Buffer-overflow in ShixxNOTE 6.net
13 Oct 2004: english - italiano - PoC - shixxbof

Limited \secure\ buffer-overflow in some old Monolith games
Alien versus predator 2, Blood 2, No one lives forever and Shogo
08 Oct 2004: english - italiano - PoC - lithsec

Server crash in Flash Messaging 5.2.0g
07 Oct 2004: english - italiano - PoC - flashmsg

Directory traversal in Tridcomm 1.3
06 Oct 2004: english - italiano - tridcomm

In-game format string in Judge Dredd vs. Death 1.01
02 Oct 2004: english - italiano - dreddfs

Broadcast buffer-overflow in Vypress Messenger 3.5.1
01 Oct 2004: english - italiano - PoC - vymesbof

Code execution in Icecast 2.0.1
28 Sep 2004: english - italiano - PoC - iceexec

Broadcast crash in Chatman 1.5.1 RC1
27 Sep 2004: english - italiano - PoC - chatmanx

Buffer-overflow in Zinf 2.2.1 for Windows through PLS file
24 Sep 2004: mail with info - PoC - chatmanx

Multiple vulnerabilities in ActivePost Standard 3.1
23 Sep 2004: english - italiano - PoC crash - PoC directory traversal - actp

Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004)
21 Sep 2004: english - italiano - PoC - popmsgboom

Crash in Lords of the Realm III 1.01
19 Sep 2004: english - italiano - PoC - lotr3boom

Freeze in Pigeon Server 3.02.0143
16 Sep 2004: english - italiano - PoC - pigeonx

Off-by-one bug in Halo 1.04
09 Sep 2004: english - italiano - PoC - haloboom

Broadcast shutdown in Call of Duty 1.4 (refer to q3infoboom too)
05 Sep 2004: english - italiano - PoC - codboom

Broadcast forced exit in Ground Control II 1.0.0.7
26 Aug 2004: english - italiano - PoC - gc2boom

Limited buffer overflow in Painkiller 1.31
24 Aug 2004: english - italiano - PoC - painkex

Medal of Honor remote buffer-overflow (AA 1.11v9, SH 2.15, BT 2.40b)
17 Jul 2004: english - italiano - PoC - mohaabof

Remote crash of Half-Life servers and clients (versions before the 07 July 2004)
12 Jul 2004: english - italiano - PoC - hlboom

Code execution in the Unreal Engine through \secure\ packet
DeusEx, Devastation, Mobile Forces, Nerf Arena Blast, Postal 2, Rune, Tactical Ops, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Unreal Tournament 2004, Wheel of Time, X-com Enforcer, ...
18 Jun 2004: english - italiano - PoC - SpoofedPoC - unsecure

Various in-game crashes and fun in Race Driver 1.20
08 Jun 2004: english - italiano - PoC - rdboom

Colin McRae Rally 04 1.0 broadcast clients crash
04 Jun 2004: english - italiano - PoC - cmr4cdos

Arbitrary file overwriting in Unreal engine through UMOD
22 Apr 2004: english - italiano - PoC - umod

DoS in Rsniff 1.0
09 Apr 2004: english - italiano - PoC - rsniff

Format string bug in IGI 2: Covert Strike 1.3
05 Apr 2004: english - italiano - PoC - igi2fs

RogerWilco new bugs: UDP crash, "Voices from the deep", privacy problems and annoying attacks
31 Mar 2004: english - PoC - wilco

Remote crash in Etherlords I 1.07 and II 1.03
25 Mar 2004: english - italiano - PoC - ethboom

Buffer overflow in PicoPhone 1.63
24 Mar 2004: english - italiano - PoC - picobof

Server freeze in The Rage 1.01
23 Mar 2004: english - italiano - PoC - ragefreeze

Castles and Catapults game freeze
23 Mar 2004: english - italiano - cnc

Broadcast client buffer-overflow in Terminator 3 1.0
19 Mar 2004: english - italiano - PoC - t3cbof

Chrome 1.2.0.0 server crash
18 Mar 2004: english - italiano - PoC - chrome

Battle Mages server freeze
11 Mar 2004: english - italiano - PoC - LAN_PoC - battlemages

Format string bug in EpicGames Unreal engine
America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, XIII, ...
10 Mar 2004: english - italiano - Easy_check - PoC - unrfs

Crash of Battle Isle Andosia War 2.08
09 Mar 2004: english - italiano - PoC (for server) - PoC (for client) - bisleboom

Ghost users in Chat Anywhere 2.72
09 Mar 2004: english - italiano - PoC (html page) - chatany

Remote server crash in Haegemonia 1.07 and Desert Rats vs. Afrika Korps
24 Feb 2004: english - italiano - PoC - hgmcrash

Client buffer overflow in Freespace 2 1.2
02 Mar 2004: english - italiano - PoC - fs2cbof

Clients broadcast buffer overflow in Red Faction 1.20
01 Mar 2004: english - italiano - PoC - rfcbof

Games servers crash and possible small privacy problem caused by Gamespy cd-key SDK
several vulnerable games (before March 2004 but also some recent ones)
Battlefield 1942, Contract Jack, Gore, Halo, Hidden & Dangerous 2, IGI 2: Covert Strike, Need For Speed Hot Pursuit 2, Tribes: Vengeance, TRON 2.0, ...
24 Feb 2004: english - italiano - PoC - more_stuff - gshboom

Remote crash in Ghost Recon engine
Ghost Recon, Desert Siege and The Sum of all Fears
24 Feb 2004: english - italiano - PoC - grboom

Remote server crash in Team Factor 1.25
20 Feb 2004: english - italiano - PoC - tfboom

Broadcast client buffer-overflow in Purge Jihad 2.0.1
16 Feb 2004: english - italiano - PoC - purge

Denial of Service in Ratbag's game engine
Dirt Track Racing, Dirt Track Racing Australia, Leadfoot, Dirt Track Racing Sprint Cars, Dirt Track Racing 2 and World of Outlaws Sprint Cars
11 Feb 2004: english - italiano - PoC - ratbag

Denial of Service in Monkey httpd 0.8.1
11 Feb 2004: english - italiano - PoC - monkeydos

Remote crash of Chaser game 1.50
03 Feb 2004: english - italiano - PoC for server - PoC for client - chaser

Need for Speed Hot pursuit 2 242 broadcast client's buffer overflow
22 Jan 2004: english - italiano - PoC - nfshp2cbof

Xitami 2.5c1 server crash and possible code execution through malformed SSI files
19 Jan 2004: PoC - nfshp2cbof

Denial of service in Getware's built-in webserver (Webcam Live and Photohost)
19 Jan 2004: english - italiano - PoC - wcamdos

Directories management bypassing in Goahead webserver 2.1.8
19 Jan 2004: english - italiano - wcamdos

Resources consumption in Goahead webserver 2.1.8
19 Jan 2004: english - italiano - PoC - wcamdos

Multiple vulnerabilities in WWW Fileshare Pro 2.42
14 Jan 2004: english - italiano - PoC bug 1 - PoC bug 2a - PoC bug 2b - wfshare

Buffer-overflow in Jordan's telnet server
29 Dec 2003: english - italiano - PoC - jordwts

Directory traversal bug in DCAM server 8.2.5
22 Dec 2003: english - italiano - dcam

Directory traversal and XSS in Active Webcam 4.3
19 Dec 2003: english - italiano - activecam

Server side scripts viewing in Goahead webserver 2.1.7
bug originally found by Richard Brain of Procheckup
17 Dec 2003: english - italiano - activecam

FAT32 directory auth bypass on Linux Abyssws 1.2
08 Dec 2003: english - italiano - abyss

Surfboard 1.1.8 vulns
01 Dec 2003: english - italiano - surfd

Remote crash in the Serious Sam engine
30 Oct 2003: english - italiano - PoC - ssboom

Medieval Total War 1.1 crash
07 Oct 2003: english - italiano - PoC - mtwdos

Medieval Total War 1.1 Connection expired
07 Oct 2003: english - italiano - PoC - mtwexp

Medieval Total War 1.1 client crash and directory traversal
07 Oct 2003: english - italiano - PoC - mtw2client

Gamespy3d 263020 lets code execution through long IRC answer
30 Sep 2003: english - italiano - PoC - gs3d

Half-Life's client 1.1.1.0 format string (mail sent to vuln-dev)
29 Sep 2003: english - italiano - PoC - hlclientfs

NULLhttpd 0.5.1 remote resources consumption
24 Sep 2003: english - italiano - PoC - nullhttpd

NULLhttpd 0.5.1 XSS through Bad request
24 Sep 2003: english - italiano - PoC - nullhttpd

SpeakFreely for Win 7.6a remote crash through malformed GIF
22 Sep 2003: english - italiano - PoC - sfwin

SpeakFreely for Win 7.6a spoofed DoS
22 Sep 2003: english - italiano - PoC - sfwin

GuildFTPd 0.999.5 partial directory traversal bug
?? Sep 2003: english - italiano - guildftpd

Goahead 2.1.3 DoS through negative Content-Length
22 Sep 2003: english - italiano - goahead

Winamp 2.91 lets code execution through MIDI files (IN_MIDI.DLL 3.01)
08 Sep 2003: english - italiano - example - winamp

Rogerwilco: server's buffer overflow (1.4.1.6, 0.30a)
08 Sep 2003: english - italiano - PoC - wilco

Rogerwilco 1.4.1.2 and 1.4.1.6 remix of bugs
08 Sep 2003: english - italiano - PoC - wilco

Problems with the MODs of Half-Life 1.1.1.0
29 Jul 2003: english - italiano - hlmods

Half-Life servers: buffer-overflow and freeze (versions 1.1.1.0, 4.1.1.1c1 and 3.1.1.1c1)
29 Jul 2003: english - italiano - PoC - hlbof

Half-Life broadcast client's buffer-overflow (versions 1.1.1.0)
29 Jul 2003: english - italiano - PoC - hlbof

Broadcast buffer-overflow and server freeze in RogerWilco Mk.1d3 2001
02 Jul 2003: english - PoC - wilco

Quake 3 con\con exploit (funny)
27 May 2003: english - italiano - PoC - wilco

UnrealTournament 2003 2199 client passive DoS
13 May 2003: english - italiano - PoC - ut2003pdos

Abyss webserver X1 1.1.2 remote crash
05 Apr 2003: english - article in Italian written about the problem - abyssx1

Emule 0.27b remote crash
25 Mar 2003: english - italiano - PoC - emule

Edonkey and Overnet 0.45 resources consumption
21 Mar 2003: english - italiano - PoC - edonkey

Some game master servers can be used as amplifiers
20 Feb 2003: english - italiano - PoC - msddos

Unreal engine: results of my research
DoS, DDoS, remote memory problems, execution of malicious code and more
05 Feb 2003: english - italiano - PoC section - ueng

Blade encoder 0.94.2 code execution
02 Feb 2003: english - italiano - PoC wave - blade942

Savant 3.1 multiple vulnerabilities
13 Sep 2002: english - italiano - PoC data - savant

SWServer 2.2 directory traversal bug
28 Aug 2002: english - italiano - swserver

Blazix 1.2 jsp view and protected folder access
24 Aug 2002: english - italiano - Blazix

Abyss 1.0.3 (patch 2) directory traversal and
administration bug 22 Aug 2002: english - italiano - PoC - abyss Bajie 0.95zvh index viewing and server scripts download 16 Aug 2002: english - bajie Apache 2.0.39 directory traversal and path disclosure bug for not Unix systems 16 Aug 2002: english - italiano - apache Lcc-win32 (all versions) privacy problem in Windows9x 02 Aug 2002: english - italiano - lcc Pegasus Mail 4.01 DoS 24 Jul 2002: english - italiano - PoC - pegasus Popcorn mail client 1.20 multiple vulnerabilities 11 Jul 2002: english - italiano - PoC - popcorn Webtrends 3.1 script files view 03 Jun 2001: english - webtrends CheckBo 1.56 multiple vulnerabilities 20 Apr 2001: english - italiano - PoC - checkbo Apache 1.3.15 Win32 anonymous DoS 12 Apr 2001: english - italiano - apache1 |