|
The complete archive of my advisories about software security vulnerabilities found by me. The SCADA tag covers anything of the HMI/SCADA, PLC, automation and industrial sector. All the advisories include the steps for replicating the problems or links to the relative proof-of-concept. Vulnerabilities in Pro-face Pro-Server EX 1.30 (SCADA) 13 May 2012: adv - proservrex_1 Resources consumption or Denial of Service in Wonderware SuiteLink (SCADA) 11 May 2012: adv - suitelink_1 Vulnerabilities in QNX phrelay/phindows/phditto (SCADA???) 10 May 2012: adv - qnxph_1 Endless loop in Samsung NET-i ware 1.37 21 Apr 2012: adv - netiware_1 Vulnerabilities in Samsung TV (remote controller protocol) 19 Apr 2012: adv - poc - samsux_1 Denial of Service vulnerabilities in EMC IRM Server 4.6.1.1995 10 Apr 2012: adv - poc - irm_1 Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability 09 Apr 2012: zdi - quicktime_? Denial of Service in EMC Data Protection Advisor 5.8.1 29 Mar 2012: adv - dpa_1 FlexNet License Server Manager lmgrd Remote Code Execution Vulnerability 26 Mar 2012: adv - zdi - lmgrd_1 Vulnerabilities in RealPlayer 22 Mar 2012: zdi - zdi - zdi - realplayer_* Vulnerabilities in Novell ZENworks Configuration Management 21 Mar 2012: info - id - id - id - zenworks_* Use-after-free in Microsoft Remote Desktop (ms12-020) 15 Mar 2012: adv - leak_info - zdi - ms - termdd_1 Vulnerabilities in GE iFix Profiy Historian (SCADA) 13 Mar 2012: info - ifix_2 Vulnerabilities in GE Real-Time Information Portal (SCADA) 13 Mar 2012: info - info - rtip_1 Directory traversal in Sockso 1.5 14 Mar 2012: adv - sockso_1 Vulnerabilities in Presto! PageManager 9.01 14 Mar 2012: adv - pagemanager_1 Denial of Service in EMC NetWorker 7.6 sp3 14 Mar 2012: adv - nsrexecd_1 Denial of Service in Epson EventManager 2.50 14 Mar 2012: adv - eeventmanager_1 Arbitrary files downloading in TVersity 1.9.7 14 Mar 2012: adv - tversity_1 Directory traversal in NetDecision 4.6.1 07 Mar 2012: adv - netdecision_1 Vulnerabilities in xArrow 3.2 (SCADA) 02 Mar 2012: adv - poc - xarrow_1 File vulnerability in Beckhoff TwinCAT (SCADA) 02 Mar 2012: adv - twincat_2 Adobe Shockwave iml32.dll DEMX Remote Code Execution Vulnerability 01 Mar 2012: zdi - shockwave_* ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability (SCADA) 22 Feb 2012: zdi - abb_1 Heap corruption in Unity 3d Web Player 3.2.0.61061 21 Feb 2012: adv - unity3d_1 Vulnerabilities in Buzz (build 1458) 20 Feb 2012: adv - buzz_1 Vulnerabilities in Psycle 1.10.0 18 Feb 2012: adv - psycle_1 Arbitrary memory corruption in Novell GroupWise Messenger 2.1.0 16 Feb 2012: adv - nmma_3 Memory corruption in Novell GroupWise Messenger 2.1.0 16 Feb 2012: adv - nmma_1 Unicode stack overflow in Novell GroupWise Messenger client 2.1.0 16 Feb 2012: adv - nim_1 Vulnerabilities in XnView 1.98.5 16 Feb 2012: adv - xnview_1 Vulnerabilities in R4 1.25 09 Feb 2012: adv - r4_1 Vulnerabilities in R2 1.65 09 Feb 2012: adv - r2_1 Vulnerabilities in RealPlayer 07 Feb 2012: info - real_* Vulnerabilities in Quicktime 03 Feb 2012: info - quicktime_* Two Denials of Service in Rockwell RNADiagReceiver 2.40.0.12 (SCADA) 17 Jan 2012: adv - rnadiagreceiver_1 Directory traversal in NeoAxis Web Player 1.4 15 Jan 2012: adv - neoaxis_1 Vulnerabilities in ExpressView Browser Plug-in (MrSID) 6.5 11 Jan 2012: adv - expressview_1 Arbitrary NULL byte writing in SumatraPDF 1.9 09 Jan 2012: adv - poc - sumatrapdf_1 Apple Quicktime JPEG2000 COD and RLE BGRA Decoding Remote Code Execution Vulnerability 05 Jan 2012: zdi - zdi - quicktime_* WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability (SCADA) 22 Dec 2011: zdi - kingview_1 Adobe Shockwave NPAPI Plug-in Drag and Drop Remote Code Execution Vulnerability 17 Dec 2011: zdi - shockwave_* Microsoft OLE CPropertyStorage::ReadMultiple Variant Type Confusion Vulnerability (ms11-093) 13 Dec 2011: adv - poc - ms - id - ole32_1 TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability 07 Dec 2011: zdi - * Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability 07 Dec 2011: zdi - quicktime_* RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability 07 Dec 2011: zdi - real_* Vulnerabilities in Serv-U 11.1.0.3 03 Dec 2011: adv - poc - poc - servu_1 Endless loop in CyberLink PowerDVD 11.0.0.2114 03 Dec 2011: adv - powerdvd_1 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 (SCADA) 29 Nov 2011: adv - codesys_1 Use-after-free in Microsys PROMOTIC 8.1.4 (SCADA) 28 Nov 2011: adv - promotic_3 Vulnerabilities in Siemens Automation License Manager (SCADA) 28 Nov 2011: adv - poc - almsrvx_1 Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2 (SCADA) 28 Nov 2011: adv - winccflex_1 Vulnerabilities in Real Player 14.0.7 18 Nov 2011: zdi - zdi - zdi - real_* InduSoft WebStudio vulnerabilities (SCADA) 16 Nov 2011: zdi - zdi - indusoft_* Denials of Service in Optima APIFTP Server 1.5.2.13 (SCADA) 13 Nov 2011: adv - optimalog_1 Adobe Shockwave .w32 FLST Heap Buffer Overflow Vulnerability 09 Nov 2011: id - shockwave_? GE Proficy Historian ihDataArchiver.exe Trusted Header Size Remote Code Execution Vulnerability (SCADA) 07 Nov 2011: zdi - ifix_1 Vulnerabilities in HP Data Protector Media Operations 6.20 03 Nov 2011: adv - adv - hpdpmedia_1/2 Use-after-free in Excel for Office 2003 11.8335.8333 SP3 two advisories but probably the same bug. no additional research, released as-is 03 Nov 2011: adv - adv - excel_1/2 ActiveX bug in Microsys PROMOTIC 8.1.4 (SCADA) 30 Oct 2011: adv - promotic_2 Vulnerabilities in Quicktime 26 Oct 2011: zdi - zdi - zdi - quicktime_* Novell/GroupWise Messenger Server Memory Disclosure Vulnerability 25 Oct 2011: adv - nmma_2 Vulnerabilities in Novell ZenWorks Handheld Management 18 Oct 2011: adv - adv - zenworks_* Vulnerabilities in Microsys PROMOTIC 8.1.4 (SCADA) 13 Oct 2011: adv - promotic_1 Vulnerabilities in atvise webMI2ADS 1.0 (SCADA) 10 Oct 2011: adv - webmi2ads_1 Use after free in IRAI AUTOMGEN 8.022 (SCADA) 10 Oct 2011: adv - automgen_1 Denial of Service in OPC Systems.NET 4.00.0048 (SCADA) 10 Oct 2011: adv - opcnet_1 Vulnerabilities in Cytel Studio 9 02 Oct 2011: adv - cytel_1 Vulnerabilities in GenStat 14.1.0.5943 01 Oct 2011: adv - genstat_1 Reference for a vulnerability in atvise server 2.0.0.3291 (SCADA) 30 Sep 2011: adv - atvise_1 Arbitrary memory corruption in NCSS 07.1.21 28 Sep 2011: adv - ncss_1 Vulnerabilities in PcVue 10 (SCADA) 27 Sep 2011: adv - pcvue_1 Integer overflow in Sterling Trader 7.0.2 25 Sep 2011: adv - sterling_1 Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA) 22 Sep 2011: adv - forcecontrol_1 Vulnerabilities in EViews 7.2 19 Sep 2011: adv - eviews_1 Vulnerabilities in MetaServer RT 3.2.1.450 19 Sep 2011: adv - metaserver_1 Code execution in MetaStock 11 13 Sep 2011: adv - poc - metastock_1 Vulnerabilities in eSignal 10.6.2425 13 Sep 2011: adv - poc - esignal_1 Multiple vulnerabilities in Cogent DataHub 7.1.1.63 (SCADA) 13 Sep 2011: adv - adv - adv - adv - cogent_* Stack overflow in DAQFactory 5.85 build 1853 (SCADA) 13 Sep 2011: adv - daqfactory_1 Multiple vulnerabilities in Progea Movicon / PowerHMI 11.2.1085 (SCADA) 13 Sep 2011: adv - adv - adv - movicon_* Directory traversal in Carel PlantVisor 2.4.4 (SCADA) 13 Sep 2011: adv - plantvisor_1 Heap overflow in Rockwell RSLogix 19 (FactoryTalk RnaUtility.dll) (SCADA) 13 Sep 2011: adv - rslogix_1 Multiple vulnerabilities in Measuresoft ScadaPro 4.0.0 (SCADA) 13 Sep 2011: adv - scadapro_1 Denial of Service in Beckhoff TwinCAT 2.11.0.2004 (SCADA) 13 Sep 2011: adv - twincat_1 Vulnerabilities in BroadWin WebAccess Client 1.0.0.10 (SCADA) 02 Sep 2011: adv - poc - bwocxrun_1 calloc integer overflow in MPlayer on Windows 02 Sep 2011: adv - mplayerwin_1 Limited directory traversal in CodeMeter 4.30c 02 Sep 2011: adv - codemeter_1 Multiple vulnerabilities in HP SiteScope 11.10 26 Aug 2011: adv - adv - sitescope_1/2 Multiple vulnerabilities in Symantec Veritas Storage Foundation 17 Aug 2011: zdi - zdi - zdi - veritas_* FlexNet License Server Manager Remote Code Execution Vulnerability 17 Aug 2011: adv - zdi - fnplm_1 Multiple vulnerabilities in RealPlayer 14.0.5 16 Aug 2011: zdi - cve - cve - cve - real_* Upload directory traversal in Novell ZenWorks Asset Management 7.5 16 Aug 2011: adv - zenasset_1 Sybase Adaptive Server Backup and Monitor Server vulnerabilities 29 Jul 2011: zdi - zdi - sybase_1/2 FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability 28 Jul 2011: adv - zdi - fnplm_2 TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability 12 Jul 2011: zdi - tmcm_1 Integer overflow in foobar2000 1.1.7 03 Jul 2011: adv - poc - foobar2000_1 HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability 01 Jul 2011: zdi - inodemc_1 Multiple vulnerabilities in Apple QuickTime 29 Jun 2011: id - zdi - zdi - quicktime_2/5/7 in_midi multiple vulnerabilities in Winamp and Essentials Pack 5.61 27 Jun 2011: adv - poc - winamp_3 Multiple vulnerabilities in Winamp 5.61 27 Jun 2011: adv - poc - winamp_2 Arbitrary files deletion in HP OpenView Communication Broker 27 Jun 2011: adv - ovbbccb_1 Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2 27 Jun 2011: adv - zfhsrvr_1 Arbitrary files deletion in Novell File Reporter 1.0.4.2 27 Jun 2011: adv - nfr_2 Off-by-one in Sybase Advantage Server 10.0.0.3 27 Jun 2011: adv - sybase_4 bcksrvr format string in Sybase Adaptive Server 15.5 27 Jun 2011: adv - sybase_3 Stack overflow in Kart Racing Pro, GP Bikes and World Racing Series 27 Jun 2011: adv - piboso_1 NULL pointer in Shockvoice 0.9.5.2941 27 Jun 2011: adv - shockvoice_1 NULL pointer in NVIDIA RealityServer 3.1.1 27 Jun 2011: adv - realityserver_1 Some vulnerabilities in third parties servers for Minecraft 27 Jun 2011: adv - minecraft_like Some vulnerabilities in Ubisoft Gaming Zone (aka GS4) 27 Jun 2011: adv - poc - gs4_1 Multiple vulnerabilities in Adobe Shockwave 15 Jun 2011: zdi - zdi - zdi - zdi - zdi - zdi - zdi - zdi - zdi - zdi - zdi - zdi - id - id - id - id - shockwave_* NULL pointer in iMatix Xitami 5.0a0 04 Jun 2011: adv - xitami_1 Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability 03 Jun 2011: zdi - onebridge_1 HP 3COM/H3C Intelligent Management Center img recv Remote Code Execution Vulnerability 31 May 2011: zdi - imc_4 Integer overflow in Quest NetVault SmartDisk 1.2.2 28 May 2011: adv - poc - percolator_1 Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability (ms11-035) 10 May 2011: adv - zdi - ms - wins_1 Vulnerabilities in Quest Big Brother 4.40 10 May 2011: adv1 - adv2 - bbntd_1/2 Multiple vulnerabilities in HP 3COM/H3C Intelligent Management Center 10 May 2011: zdi - zdi - zdi - zdi - zdi - zdi - zdi - imc_* Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability 09 May 2011: zdi - agd_1 Stack overflow in Microsoft HTML Help 6.1 (CHM files) 12 Apr 2011: adv - poc - chm_1 Vulnerabilities in Microsoft Reader 2.1.1.3143 / 2.6.1.7169 11 Apr 2011: adv1 - adv2 - adv3 - adv4 - adv5 - msreader_1/5 DoS vulnerabilities in Microsoft Host Integration Server 2010 8.5.4224.0 11 Apr 2011: adv - snabase_1 Vulnerabilities in Siemens Tecnomatix FactoryLink 8.0.1.1473 (SCADA) 21 Mar 2011: adv1 - adv2 - adv3 - adv4 - adv5 - adv6 - factorylink_1/6 Vulnerabilities in Iconics GENESIS32 9.21 and GENESIS64 10.51 (SCADA) 21 Mar 2011: adv1 - adv2 - adv3 - adv4 - adv5 - adv6 - adv7 - adv8 - adv9 - adv10 - adv11 - adv12 - adv13 - genesis_1/13 Vulnerabilities in 7-Technologies IGSS 9.00.00.11059 (SCADA) 21 Mar 2011: adv1 - adv2 - adv3 - adv4 - adv5 - adv6 - adv7 - adv8 - igss_1/8 Vulnerabilities in DATAC RealWin 2.1 (Build 6.1.10.10) (SCADA) 21 Mar 2011: adv1 - adv2 - adv3 - adv4 - adv5 - adv6 - adv7 - realwin_2/8 Heap overflow in RealPlayer 14.0.2.633 21 Mar 2011: adv - poc - real_5 Refractor 2 engine NULL pointer Battlefield 2 (1.50), Battlefield 2142 (1.51), ... 19 Feb 2011: adv - poc - bf2null Shockwave Player 11.5.9.615 08 Feb 2011: zdi - zdi - shockwave_* Code execution in Microsoft Fax Cover Page Editor 5.2.3790.3959 19 Jan 2011: adv - poc - fxscover_1 Stack overflow in Winlog 2.07.00 (SCADA) 13 Jan 2011: adv - winlog_1 Directory traversal in IntegraXor 3.6.4000.0 (SCADA) 21 Dec 2010: adv - integraxor_1 Wonderware InBatch 9.0sp1 (SCADA) 07 Dec 2010: adv - inbatch_1 Memory leak in Call of Duty Black Ops 18 Nov 2010: adv - cod7mem Two buffer-overflow in DATAC RealWin 2.0 (Build 6.1.8.10) (SCADA) 15 Oct 2010: adv - poc - realwin_1 Multiple Denial of Service in UniData unirpcd.exe 7.2.7.3806 15 Oct 2010: adv - poc - unirpcd_1 Denial of Service in solidDB 6.5.0.3 15 Oct 2010: adv - poc - soliddb_1 Multiple buffer-overflows in Winamp 5.5.8.2985 13 Oct 2010: adv - poc - winamp_1 Lithtech engine memory corruption F.E.A.R., F.E.A.R. 2, probably any other game based on this engine, ... 20 Jul 2010: adv - poc - fearless Vulnerabilities in Microsoft DirectPlay8 any game based on DP8 like Robot Arena 2, Dungeon Siege 2, Vietcong, Deer Hunter 2004 and 2005, Trophy Hunter 2003, Homeworld 2, Freelancer, Giants, Sacrifice, SWINE, Wings of War, ... 18 Jul 2010: adv - poc - dplay8blah Invalid memory access in Unreal Tournament 3 2.1 17 Jul 2010: adv - ut3steamer Failed assertion in old games based on Unreal engine Raven Shield, Deus Ex, Land of the Dead, Postal 2, Rune, Shadow Ops, Unreal 2, UT, UT2003, WarPath, XIII, ... 15 Jul 2010: adv - unreliable Two vulnerabilities in Ghost Recon Advanced Warfighter 1 and 2 07 Jul 2010: adv - grawful Clients unicode buffer-overflow in Unreal engine 2.5 UT2004, UT2003, SWAT4, Postal2, RavenShield, ... 06 Jul 2010: adv - unrealcbof Negative memcpy in id Tech 4 engine Enemy Territory: Quake Wars, Wolfenstein, ... 05 Jul 2010: adv - idtech4key NULL pointer in Tripwire Interactive games Red Orchestra, Killing Floor, Darkest Hour, Mare Nostrum... 05 Jul 2010: adv - tripwireless Denials of Service in Freeciv 2.2.1 03 Jul 2010: adv - poc - freecivet Buffer-overflow in the Electronic Arts games that use Gamespy Command Conquer 3, Red Alert 3, Battle for Middle-Earth, Battle for Middle-Earth 2, ... 01 Jul 2010: adv - eagsbof Buffer-overflow in Area 51 1.1 30 Jun 2010: adv - a51senseless Refractor 2 engine clients URL directory traversal Battlefield 2, Battlefield 2142, ... 29 Jun 2010: adv - bf2urlz Battlefield 2 1.50 voip failed assertion 29 Jun 2010: adv - bf2voipz Endless loop in Qt QSSLsocket 4.6.3 29 Jun 2010: adv - poc - qtsslame Database error in Mumble server 1.2.2 29 Jun 2010: adv - poc - mumbleed Vulnerabilities in America's Army 3 3.0.7 20 Jun 2010: adv - poc - aa3again Client array overflow in id Tech 4 engine Enemy Territory: Quake Wars, Wolfenstein, ... 19 Jun 2010: adv - poc - idtech4carray Client buffer-overflow in Enemy Territory: Quake Wars 1.5 18 Jun 2010: adv - poc - etqwcbof Exception in Chrome Engine 4 Call of Juarez: Bound in Blood, Sniper: Ghost Warrior, ... 17 Jun 2010: adv - poc - chromerda Multiple vulnerabilities in TeamSpeak 3.0.0-beta23 16 Jun 2010: adv - poc - teamspeakrack Refractor 2 engine endless loop Battlefield 2 (1.41), Battlefield 2142, ... 06 Jun 2010: adv - poc - bf2loop Multiple vulnerabilities in the Gem3 engine Majesty 2, ... 12 May 2010: adv - poc - gem3bugs Denial of Service in GameCore 2.5 12 May 2010: adv - gamecorex Invalid memory access in Torque game engine Metal Drift, Cyber Wing, Legends, 3D RC Racing, Burger Warz, Singularity, Blockland, Mach 1, Buccaneer, Once upon a time, PenguinsArena, ... 09 May 2010: adv - poc - torqueer Multiple vulnerabilities in Alien vs Predator 2.22 07 May 2010: adv - poc - avp3dos Buffer-overflow and exceptions in X-Motor Racing 1.275 (server 1.24) 06 May 2010: adv - poc - xmotorbof Buffer-overflow and NULL pointer in netKar 1.1 (server 1.0.3) 13 Apr 2010: adv - poc - netkarbof Denial of Service in Unity 2.61 25 Mar 2010: adv - disunity Null pointer in Raknet 3.72 25 Mar 2010: adv - rakkia NULL pointer and format string in Ca3D/Cafu engine 9.06/r39 22 Mar 2010: adv - cafux Buffer-overflow in MX Simulator 2010-02-06 22 Mar 2010: adv - mxsx Access violation in Ventrilo client 3.0.5 with Speex codec 10 Sep 2009: adv - poc - ventspeex Voice memset overflow in Ventrilo client 3.0.5 08 Sep 2009: adv - poc - ventrilomemset Server restart in Live for Speed S2 Z13 23 Aug 2009: adv - lfsreset Fragments memory corruption in the Source engine (build 3933) Half-Life 2, Counter-Strike Source, OrangeBox, Team Fortress 2, Left 4 Dead, ... 20 Aug 2009: adv - PoC_LAN - sourcefraghof Files uploading vulnerabilities in the Source engine (build 3933 and 3950) Half-Life 2, Counter-Strike Source, OrangeBox, Team Fortress 2, Left 4 Dead, ... 19 Aug 2009: adv - poc - PoC_LAN - sourceupfile NULL pointer in the Source engine (build 3933) with SourceTV disabled Half-Life 2, Counter-Strike Source, (Valve has confirmed also OrangeBox, Team Fortress 2, Left 4 Dead), ... 18 Aug 2009: adv - poc - sourcenotvnull Format string in the Source engine (build 3933) Half-Life 2, Counter-Strike Source, OrangeBox, Team Fortress 2, Left 4 Dead, ... 17 Aug 2009: adv - poc - PoC_LAN - sourcefs Multiple NULL pointers in Sniper Elite 1.0 14 Aug 2009: adv - poc - snipernull Format string in Vietcong 2 1.10 12 Aug 2009: adv - vietcong2fs Multiple vulnerabilities in the GEM 2 engine Men of War, Faces of War, ... 11 Aug 2009: adv - gem2bugs Denial of Service in PunkBuster (09 Aug 2009) America's Army 2/3, Battlefield 2*, Call of Duty 1/2/4/5, Crysis, DOOM 3, Enemy Territory, ETQW, FEAR, Fuel of War, Need for Speed, Quake 3/4, RTCW, Soldier of Fortune II, Wolfenstein, ... 09 Aug 2009: reference - pbmsgsdos2 Buffer-overflow in PunkBuster 1.728 for Soldier of Fortune II 09 Aug 2009: adv - sof2pbbof Clients NULL pointer in TrackMania 2.11.19 07 Aug 2009: adv - poc - tmnullever Unbannable clients and bell bug in TrackMania Forever v2009-08-01 / 2.11.19 07 Aug 2009: adv - poc - tmbellban Clients termination in TrackMania Forever 2.11.19 04 Aug 2009: adv - tmlocdos Multiple vulnerabilities in TrackMania Forever v2009-05-25 / 2.11.19 27 Jul 2009: adv - poc - tm4never Access violation in Star Wars Battlefront II 1.1 24 Jul 2009: adv - swbf2seven Buffer-overflow in S.T.A.L.K.E.R. Clear Sky 1.5.10 22 Jul 2009: adv - poc - stalkerbof Unhandled malloc exception in S.T.A.L.K.E.R. Clear Sky 1.5.10 22 Jul 2009: adv - poc - stalkazz Unhandled exception in S.T.A.L.K.E.R. Clear Sky 1.5.10 22 Jul 2009: adv - poc - dirtysky Temporary freezing in Crysis 1.21 and Crysis Wars/Warhead 1.5 21 Jul 2009: adv - crysisdos Format string in Crysis 1.21 and Crysis Wars/Warhead 1.5 21 Jul 2009: adv - poc - crysisfs Access violation in the HTTP/XML-RPC service of Crysis 1.21 and Crysis Wars/Warhead 1.5 20 Jul 2009: adv - crysisviol Negative memcpy in Armed Assault 1.14 and ArmA 2 1.04 18 Jul 2009: adv - poc - armadioz Format string in Armed Assault 1.14 and ArmA 2 1.04 (Real Virtuality engine) ArmA, ArmA2, Operation Flashpoint, VBS1, VBS2, ... 18 Jul 2009: adv - poc - armazzofs Memory bug in Armed Assault 1.14 and ArmA 2 1.04 (Real Virtuality engine) ArmA, ArmA2, Operation Flashpoint, VBS1, VBS2, ... 18 Jul 2009: adv - poc - armazzo Wrong type assert in World in Conflict 1.0.1.1 16 Jul 2009: adv - poc - wicass2 Negative memset overflow in America's Army 3 3.0.8 15 Jul 2009: adv - poc - aa3memset NULL pointer and access violation in America's Army 3 3.0.8 15 Jul 2009: adv - poc - aa3pwood Packets loop in America's Army 3.0.6 14 Jul 2009: adv - aa3mah Resource consumption and crash in America's Army 3 3.0.6 13 Jul 2009: adv - aa3boh NULL pointer in America's Army 3 3.0.4 06 Jul 2009: adv - aa3blah Reference for a couple of bugs in HTTP File Server 05 Feb 2009: adv - hfsref Directory traversal in the webadmin of Unreal Tournament 3 1.3 21 Sep 2008: adv - ut3webown Failed assertion in the Unreal engine Unreal Tournament 3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, Shadow Ops, ... 15 Sep 2008: adv - poc - unreaload Server termination in the Unreal engine 3 Unreal Tournament 3, Frontlines: Fuel of War, America's Army 3, HomeFront ... 11 Sep 2008: adv - poc - ut3sticle Clients format strings in the Unreal engine 11 Sep 2008: adv - poc - unrealcfs NULL pointer in Ventrilo 3.0.2 13 Aug 2008: adv - poc - ventrilobotomy NULL pointer in Skulltag 0.97d2-RC3 11 Aug 2008: adv - poc - skulltagod Endless loop and resources consumption in Halo 1.0.7.0615 06 Aug 2008: adv - poc - poc - halonsoloop3 Server termination in America's Army 2.8.3.1 02 Aug 2008: adv - poc - armynchia Memory corruption and NULL pointer in Unreal Tournament III 1.2 Unreal Tournament 3, America's Army 3 ... 30 Jul 2008: adv - poc - ut3mendo NULL pointer in Unreal Tournament 2004 v3369 affects also other games like Red Orchestra, Shadow Ops: Red Mercury, ... 30 Jul 2008: adv - poc - ut2004null NULL pointer in ZDaemon 1.08.07 21 Jul 2008: adv - poc - zdaemonull Vulnerabilities in SWAT 4 1.1 20 Jul 2008: adv - swat4x Endless loop in Soldner 33724 01 Jul 2008: adv - poc - usurdat Endless loop in Halo 1.07 29 Jun 2008: adv - poc - haloloop2 Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006 28 Jun 2008: adv - poc - stalker39x Some bugs in SunAge 1.08.1 23 Jun 2008: adv - poc - sunagex Double Denial of Service in Call of Duty 4 1.7 22 Jun 2008: adv - poc - cod4vamap NULL pointer in World in Conflict 1.009 22 Jun 2008: adv - poc - wicboom Server freezed in Skulltag 0.97d2-RC2 16 Jun 2008: adv - poc - skulltagloop NULL pointer in the HTTP/XML-RPC service of Crysis 1.21 16 Jun 2008: adv - dontcrysis Denial of Service in S.T.A.L.K.E.R. 1.0006 15 Jun 2008: adv - poc - stalkerboom Information disclosure in Crysis 1.21 15 Jun 2008: adv - poc - crysislog Multiple vulnerabilities in WebMod 0.48 03 May 2008: adv - webmodz Denial of Service in Call of Duty 4 1.5 02 May 2008: adv - PoC (requires sudppipe) - PoC for LAN - cod4statz Denial of Service in eTrust Secure Content Manager r8 18 Apr 2008: adv - poc - ecsqdamn Invalid memory access in CA ARCserve Backup 12.0.5454.0 17 Apr 2008: adv - poc - carcbackazz Denial of Service in PunkBuster (22 Oct 2007 and 09 Aug 2009) America's Army 2/3, Battlefield 2*, Call of Duty 1/2/4/5, Crysis, DOOM 3, Enemy Territory, ETQW, FEAR, Fuel of War, Need for Speed, Quake 3/4, RTCW, Soldier of Fortune II, Wolfenstein, ... 16 Apr 2008: adv - poc - new PoC - pbmsgsdos Directory traversal in BigAnt Messenger 2.2 16 Apr 2008: adv - biggayant CGI source disclosure in Ruby WEBrick 1.9.0 (FAT/NTFS) 15 Apr 2008: adv - webrickcgi Reference advisory for old bugs in HP OpenView NNM 7.50/7.51 15 Apr 2008: adv - closedview_old NULL pointer in Nero MediaHome 3.3.3.0 12 Apr 2008: adv - neromedia Upload directory traversal in HP LoadRunner 9.10 12 Apr 2008: adv - poc - willycoyote Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53 11 Apr 2008: adv - closedviewx Denial of Service in SmarterMail 5.0.2999 11 Apr 2008: adv - dumbermail Memory corruption in HP OpenView Network Node Manager 7.53 08 Apr 2008: adv - poc - closedview Directory traversal in LANDesk Management Suite 8.80.1.1 01 Apr 2008: adv - landesktftp Directory traversal in 2X ThinClientServer v5.0_sp1-r3497 29 Mar 2008: adv - thindirtrav Denial of Service in SLMail Pro 6.3.1.0 29 Mar 2008: adv - slmaildos Multiple vulnerabilities in solidDB 06.00.1018 26 Mar 2008: adv - poc - soliduro Buffer-overflow in ASUS Remote Console 2.0.0.24 21 Mar 2008: adv - asuxdpc Multiple heap overflows in xine-lib 1.1.11 20 Mar 2008: adv - poc - xinehof Buffer-overflow in BootManage TFTPD 1.99 16 Mar 2008: adv - bootixtftpd Multiple vulnerabilities in Net Inspector 6.5.0.828 14 Mar 2008: adv - netinsp Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) 12 Mar 2008: adv - poc - meccaffi Vulnerabilities in Timbuktu Pro 8.6.5 10 Mar 2008: adv - poc - timbuto Multiple vulnerabilities in ASG-Sentry 7.0.0 10 Mar 2008: adv - asgulo NULL pointer in Remotely Anywhere 8.0.668 08 Mar 2008: adv - remotelynowhere Directory traversal in Argon Client Management Services 1.31 08 Mar 2008: adv - argonauti Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076 08 Mar 2008: adv - acropxe Invalid memory access in Acronis True Image Group Server 1.5.19.191 08 Mar 2008: adv - acrogroup NULL pointer in Acronis True Image Windows Agent 1.0.0.54 08 Mar 2008: adv - acroagent Denial of Service in PacketTrap TFTP server 2.0.3901.0 08 Mar 2008: adv - packettrash Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13 07 Mar 2008: adv - poc - maildisable Directory traversal in MicroWorld eScan Server 9.0.742.98 06 Mar 2008: adv - escaz Multiple vulnerabilities in Perforce Server 2007.3/143793 05 Mar 2008: adv - poc - perforces Arbitrary commands execution in Versant Object Database 7.0.1.3 04 Mar 2008: adv - poc - versantcmd Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03 03 Mar 2008: adv - poc - visibroken Multiple vulnerabilities in Borland StarTeam MPX 6.7 02 Mar 2008: adv - poc - starteammpx Multiple integer overflows in Borland StarTeam server 10.0.0.57 02 Mar 2008: adv - poc - starteamz Denial of Service in SmsGate 1.1n 28 Feb 2008: adv - smsgheit Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products 27 Feb 2008: adv - poc - officescaz NULL pointer in SurgeFTP 2.3a2 25 Feb 2008: adv - surgeftpizza Format string and buffer-overflow in SurgeMail 38k4 25 Feb 2008: adv - poc - surgemailz Multiple vulnerabilities in Double-Take 5.0.0.2865 22 Feb 2008: adv - poc - doubletakedown Denial of Service in Zilab Remote Console Server 3.2.9 21 Feb 2008: adv - poc - zilabzrcsdos Multiple vulnerabilities in Zilab Chat and Instant Messaging 2.1 21 Feb 2008: adv - poc - zilabzcsx Heap overflow in Sybase MobiLink 10.0.1.3629 20 Feb 2008: adv - poc - mobilinkhof Multiple buffer-overflow in NowSMS v2007.06.27 19 Feb 2008: adv - poc - nowsmsz Directory traversal in SCI Chat v3.4.9 19 Feb 2008: adv - scichatdt Access violation and limited information disclosure in webcamXP 3.72.440.0 18 Feb 2008: adv - webcamxp NULL pointer crash in freeSSHd 1.20 17 Feb 2008: adv - poc - freesshdnull Two heap overflow in Foxit WAC Server 2.0 Build 3503 16 Feb 2008: adv - poc - wachof Directory traversal and DoS in WinIPDS G52-33-021 12 Feb 2008: adv - winipds Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11 11 Feb 2008: adv - poc - rpmlpdbof Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105 11 Feb 2008: adv - lstnpsx Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x 11 Feb 2008: adv - poc - cyanuro Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 10 Feb 2008: adv - sentinella Multiple vulnerabilities in ExtremeZ-IP File and Printer Server 5.1.2x15 10 Feb 2008: adv - poc - ezipirla NULL byte writing in Emerald, RadiusNT/X and Air Marshal 08 Feb 2008: adv - emerdal Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1 07 Feb 2008: adv - poc - ipsimene Logs visualization in WS_FTP Server Manager 6.1.0.0 06 Feb 2008: adv - wsftpweblog Chat vulnerabilities in TinTin++ 1.97.9 06 Feb 2008: adv - poc - rintintin Multiple vulnerabilities in WinCom LPD Total 3.0.2.623 04 Feb 2008: adv - poc - wincomalpd Multiple vulnerabilities in SAPlpd 6.28 and SAPSprint 1018 04 Feb 2008: adv - poc - saplpdz Socket termination in WS_FTP FTP Log Server 7.9.14.0 04 Feb 2008: adv - ftplogsrvz Denial of Service in Print Manager Plus 7.0.127.16 31 Jan 2008: adv - pqcorez Crash in BitTorrent 6.0.1 and uTorrent 1.7.6 through webui 27 Jan 2008: adv - poc - ruttorrent2 Multiple crashes in Steamcast 0.9.75 24 Jan 2008: adv - steamcazz Peers unicode overflow in BitTorrent 6.0 and uTorrent 1.7.5 16 Jan 2008: adv - poc - ruttorrent Buffer-overflow in Quicktime Player 7.3.1.70 10 Jan 2008: adv - poc - quicktimebof Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 09 Jan 2008: adv - poc - sapone rmff_dump_header heap-overflow in Xine 1.1.9 08 Jan 2008: adv - xinermffhof sdpplin_parse heap-overflow in VLC 0.8.6d 08 Jan 2008: adv - vlcxhof report buffer-overflow in xtacacsd 4.1.2 08 Jan 2008: adv - poc - xtacacsdz Multiple vulnerabilities in yaSSL 1.7.5 04 Jan 2008: adv - poc - PoC_mySQL - yasslick Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 02 Jan 2008: adv - poc - gswsshit Buffer-overflow and format string in White_Dune 0.29beta791 02 Jan 2008: adv - poc - whitedunboffs Denial of Service in Pragma FortressSSH 5.0.4.293 02 Jan 2008: adv - poc - pragmassh Denial of Service in Pragma TelnetServer 7.0.4.589 02 Jan 2008: adv - poc - pragmatel Exception message in Seattle Lab Telnet Server 4.1.1.3758 02 Jan 2008: adv - poc - slnetmsg Exception message in VanDyke VShell 3.0.3.569 02 Jan 2008: adv - poc - vshellmsg Buffer-overflow in CoolPlayer 217 28 Dec 2007: adv - culplayer Buffer-overflow in Extended Module Player 2.5.1 27 Dec 2007: adv - poc - xmpbof Multiple vulnerabilities in libnemesi 0.6.4-rc1 27 Dec 2007: adv - poc - libnemesibof Multiple vulnerabilities in Feng 0.1.15 27 Dec 2007: adv - poc - fengulo Unicode buffer-overflow in Zoom Player 6.00b2 24 Dec 2007: adv - poc - zoomprayer Buffer-overflow and format string in VideoLAN VLC 0.8.6d 24 Dec 2007: adv - poc - vlcboffs Double directory traversal in ImgSvr 0.6.21 24 Dec 2007: adv - imgsvr Buffer-overflow in WinUAE 1.4.4 21 Dec 2007: adv - poc - winuaebof Array overflow in id3lib (devel CVS) 19 Dec 2007: adv - poc - id3libexec Some buffer-overflow in ProWizard 1.62 19 Dec 2007: adv - poc - prowizbof Two vulnerabilities in Cherokee r952 for Windows 17 Dec 2007: adv - cherokaz Heap overflow in PeerCast 0.1217 / SVN 344 17 Dec 2007: adv - poc - peercasthof Multiple vulnerabilities in BarracudaDrive 3.7.2 10 Dec 2007: adv - barradrive Multiple vulnerabilities in BadBlue 2.72b 10 Dec 2007: adv - badblue Filesystem access in DOSBox 0.72 10 Dec 2007: adv - poc - dosboxxx Upload directory traversal in Easy File Sharing 4.5 07 Dec 2007: adv - poc - efsup Two vulnerabilities in Simple HTTPD 1.38 07 Dec 2007: adv - shttpd Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146) 05 Dec 2007: adv - hfsup Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 03 Dec 2007: adv - poc - fireflyz Two DoS in I Hear U 0.5.6 20 Nov 2007: adv - poc - ihudos Static buffer overflow in Rigs of Rods 0.33d 19 Nov 2007: adv - poc - rorbof Crash in LIVE555 Media Server 2007.11.01 18 Nov 2007: adv - poc - live555x assert() DoS in World in Conflict 1.001 26 Oct 2007: adv - poc - wicassert Clients buffer-overflow in Live for Speed 0.5Y 13 Oct 2007: adv - poc - lfscbof NULL pointer crash in World in Conflict 1.000 09 Oct 2007: adv - wicvoipnull Format string in The Dawn of Time 1.69s beta4 05 Oct 2007: adv - dawnfs Multiple vulnerabilities in Dropteam 1.3.3 05 Oct 2007: adv - poc - dropteamz Format string in the Doom 3 engine through PunkBuster Doom 3, Quake 4, Prey, ... 01 Oct 2007: adv - poc - d3engfspb Format string in F.E.A.R. 1.08 through PunkBuster 01 Oct 2007: adv - poc - fearfspb Unexploitable buffer-overflow in America's Army 2.8.2 through PunkBuster 01 Oct 2007: adv - poc - aaboompb Two buffer-overflow in FSD V2.052 d9 and FSFDT V3.000 d9 01 Oct 2007: adv - fsdbof Multiple vulnerabilities in the gMotor2 engine F1 Challenge 99-02, rFactor, GT Legends, GTR, GTR 2, RACE, Race 07, BMW M3 Challenge, ... 19 Sep 2007: adv - poc - gmotor2 Format string and buffer-overflow in CellFactor Revolution 1.03 07 Sep 2007: adv - poc - cellfucktor Format string and clients disconnection in Alien Arena 2007 6.10 05 Sep 2007: adv - poc - aa2k7x Multiple vulnerabilities in Doomsday 1.9.0-beta5.1 29 Aug 2007: adv - poc - dumsdei Heap overflow in Skulltag 0.97d-beta4.1 23 Aug 2007: adv - poc - skulltaghof Multiple denial of service in Soldat 1.4.2/2.6.2 23 Aug 2007: adv - poc - soldatdos Multiple vulnerabilities in Vavoom 1.24 23 Aug 2007: adv - vaboom2 hell bell bug in odamex 0.2a 23 Aug 2007: adv - odamexbell Buffer-overflow in the Asura engine Rogue Trooper, Prism: Guard Shield, ... 22 Aug 2007: adv - poc - asurabof Unexploitable buffer-overflow in the logging function of the Unreal engine 18 Aug 2007: adv - poc - unrwebdos Multiple vulnerabilities in Toribash 2.71 18 Aug 2007: adv - poc - toribashish Multiple vulnerabilities in rFactor 1.250 18 Aug 2007: adv - poc - rfactorx Multiple vulnerabilities in Live for Speed 0.5X10 14 Aug 2007: adv - poc - lfsbof Multiple vulnerabilities in Babo Violent 2 2.08.00 14 Aug 2007: adv - poc - bv2x Crash in Zoidcom 0.6.7 14 Aug 2007: adv - poc - zoidboom2 Details about the hlfreeze/hl-headnut/csdos/"Born to be pig" bugs 06 Apr 2007: adv - poc - hlfreeze/hl-headnut/csdos/Born to be pig Pulseaudio 0.9.5 (rev 1437) termination 29 Mar 2007: adv - poc - pulsex Multiple vulnerabilities in NAS 1.8a (svn 231) 18 Mar 2007: adv - poc - nasbugs Buffer-overflow in Conquest client 8.2a (svn 691) 07 Mar 2007: adv - italiano - conquestbof Limited format string in Netrek 2.12.0 02 Mar 2007: adv - italiano - poc - netrekfs Players disconnection in Simbin racing games GTR - FIA GT Racing Game, GT Legends, GTR 2, RACE - The WTCC Game 21 Feb 2007: adv - italiano - simbinzero DoS and possible format string in Marathon Aleph One 16 Dec 2006 07 Jan 2007: adv - poc - alephonz Buffer-overflow in ml_ipod 2.00p19 12 Dec 2006: adv - mlipodbof Multiple vulnerabilities in Winamp Web Interface 7.5.13 10 Dec 2006: adv - italiano - wawix In-game callvote map buffer-overflow in Call of Duty series 24 Sep 2006: adv - italiano - codmapbof Multiple buffer-overflows in libmusicbrainz 2.1.2 13 Aug 2006: adv - italiano - poc - brainzbof Multiple buffer-overflows in AlsaPlayer 0.99.76 09 Aug 2006: adv - italiano - poc - alsapbof Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 09 Aug 2006: adv - italiano - poc - mptho Buffer-overflow in Aqualung 0.9beta5 (CVS 0.193.2) 09 Aug 2006: adv - italiano - poc - aquabof Heap corruption in Festalon 0.5.5 06 Aug 2006: adv - italiano - poc - festahc Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006) 06 Aug 2006: adv - italiano - poc - dconnx Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5 31 Jul 2006: adv - italiano - poc - ocpbof Bugs in BomberClone 0.11.6 30 Jul 2006: adv - italiano - poc - bcloneboom Heap overflow in the GT2 loader of libmikmod 3.2.2 24 Jul 2006: adv - italiano - poc - lmmgt2ho Format string bug in the gout console output of Game Networking Engine 0.70 (CVS 23 Jul 2006) 24 Jul 2006: adv - italiano - gnefs Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 23 Jul 2006: adv - italiano - poc - cheesebof Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) 23 Jul 2006: adv - italiano - freecivx Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) 22 Jul 2006: adv - italiano - warzonebof Multiple vulnerabilities in UFO2000 svn 1057 16 Jul 2006: adv - italiano - ufo2ko Heap overflow in Dumb 0.9.3 through it_read_envelope 16 Jul 2006: adv - italiano - poc - dumbit Crash and freeze in Armagetron Advanced 2.8.2 16 Jul 2006: adv - italiano - atrondos Format string bug in Sparklet 0.9.4try3 06 Jul 2006: adv - italiano - sparkletfs Possible code execution in Kaillera 0.86 06 Jul 2006: adv - italiano - poc - kailleraex Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006) 06 Jul 2006: adv - italiano - adplugbof Format string bug and some DoS in Zig Game Engine 1.0.0 (CVS 24 Jun 2006) 06 Jul 2006: adv - italiano - zigfs Socket unreachable in Nascar Racing 4, 2002 and 2003 Season 02 Jul 2006: adv - italiano - nascarzero Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...) some of the possible vulnerable games/engines are listed here 27 Jun 2006: adv - italiano - q3cfilevar Format string and crash in Neoengine 0.8.2 (rev 3422) 27 Jun 2006: adv - italiano - neoenginex Client buffer-overflow in Quake 3 engine (1.32c / rev 795 / ...) some of the possible vulnerable games/engines are listed here 02 Jun 2006: adv - italiano - q3cbof Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229) America's Army 2, Battlefield 2*, Call of Duty 1/2, DOOM 3, Enemy Territory, FEAR, Quake 3/4, RTCW, Soldier of Fortune II, ... 23 May 2006: adv - italiano - poc - pbwebbof Server termination in netPanzer 0.8 (rev 952) 23 May 2006: adv - italiano - poc - panza Format string vulnerabilities in OpenBOR 2.0046 20 May 2006: adv - italiano - borfs Two heap overflow in libextractor 0.5.13 (rev 2832) 17 May 2006: adv - italiano - poc - libextho Socket unreachable in GNUnet rev 2780 12 May 2006: adv - italiano - gnunetzero Multiple vulnerabilities in Outgun 1.0.3 bot 2 12 May 2006: adv - italiano - poc - outgunx Server crash in Empire 4.3.2 12 May 2006: adv - italiano - poc - empiredos Buffer-overflow and NULL pointer crash in Genecys 0.2 12 May 2006: adv - italiano - poc - genecysbof Multiple vulnerabilities in Raydium rev 309 12 May 2006: adv - italiano - poc - raydiumx Format string bug in Skulltag 0.96f 23 Apr 2006: adv - italiano - poc - skulltagfs Denial of service bugs in OpenTTD 0.4.7 23 Apr 2006: adv - italiano - poc - openttdx Buffer-overflow and crash in Fenice OMS 1.10 23 Apr 2006: adv - italiano - fenicex network_receive_packet and network_host_handle_join buffer-overflow in dimension3 1.5 23 Apr 2006: adv - italiano - poc - dim3bof Buffer-overflow in Ultr@VNC 1.0.1 viewer and server 04 Apr 2006: adv - italiano - poc - uvncbof Format string in Doomsday 1.8.6 03 Apr 2006: adv - italiano - doomsdayfs Buffer-overflow and in-game crash in Zdaemon 1.08.01 and X-Doom R6 31 Mar 2006: adv - italiano - poc - zdaebof Socket unreachable and decompression buffer-overflow in Vavoom 1.19.1 26 Mar 2006: adv - italiano - poc - vaboom Multiple vulnerabilities in csDoom 0.7 26 Mar 2006: adv - italiano - poc - csdoombof Multiple vulnerabilities in ENet library (Jul 2005) Cube, Sauerbraten, Duke3d_w32, Soccar, Ered Luin, breve, Enigma, The Mana World, Block Attack and many others 12 Mar 2006: adv - italiano - poc - enetx Clients disconnection in GGZ Gaming Zone 0.0.12 12 Mar 2006: adv - italiano - poc - ggzcdos Multiple vulnerabilities in Alien Arena 2006 GE 5.00 07 Mar 2006: adv - italiano - poc - aa2k6x Out of memory crash in Freeciv 2.0.7 06 Mar 2006: adv - italiano - poc - freecivdos Multiple vulnerabilities in Liero Xtreme 0.62b 06 Mar 2006: adv - italiano - poc - lieroxxx Multiple vulnerabilities in Sauerbraten engine 2006_02_28 06 Mar 2006: adv - italiano - poc - sauerburn Multiple vulnerabilities in Cube engine 2005_08_29 06 Mar 2006: adv - italiano - poc - evilcube Server freeze in Monopd 0.9.3 03 Mar 2006: adv - italiano - poc - monopdx Off-by-one in Tenes Empanadas Graciela 0.11.1 03 Mar 2006: adv - italiano - tegob1 Soldier of Fortune II format string through PunkBuster < 1.180 16 Feb 2006: adv - italiano - sof2pbfs Buffer-overflow in Dual DHCP DNS Server 1.0 14 Jan 2006: adv - italiano - poc - dualsbof BZFlag 2.0.4 server crash due to undelimited callsign 25 Dec 2005: adv - italiano - poc - bzflagboom Buffer-overflow in GO-Global for Windows 3.1.0.3270 02 Nov 2005: adv - italiano - PoC (server) - PoC (clients) - ggwbof Buffer-overflow and directory traversal in Asus Video Security 3.5.0.0 02 Nov 2005: adv - italiano - poc - asusvsbugs Multiple vulnerabilities in Scorched 3D 39.1 02 Nov 2005: adv - italiano - poc - scorchbugs Limited directory traversal in NeroNET 1.2.0.2 02 Nov 2005: adv - italiano - neronet Buffer-overflow in Glider collect'n kill 1.0.0.0 02 Nov 2005: adv - italiano - poc - gliderbof Buffer-overflow and crash in FlatFrag 0.3 02 Nov 2005: adv - italiano - poc - flatfragz Player disconnection and server interruption in Blitzkrieg 2 1.21 02 Nov 2005: adv - italiano - poc - blitz2out Socket termination in Battle Carry .005 02 Nov 2005: adv - italiano - poc - bcarrydos Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100 30 Sep 2005: adv - italiano - poc - virtbugs Server crash and motd deletion in MultiTheftAuto 0.5 patch 1 25 Sep 2005: adv - italiano - poc - mtaboom Multiple vulnerabilities in BFCommand & Control Server Manager BFCC <= 1.22_A and BFVCC <= 2.14_B 29 Aug 2005: adv - italiano - poc - bfccown Server crash in Ventrilo 2.3.0 23 Aug 2005: adv - italiano - poc - ventboom Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0 17 Aug 2005: adv - italiano - poc - chmpokbof Format string and buffer-overflow in Sacrifice 01 Aug 2005: adv - italiano - sacrifice Broadcast format string and buffer-overflow in Race Driver 1.20 18 Jul 2005: adv - italiano - rdrum Endless loop in NetPanzer 0.8 13 Jul 2005: adv - italiano - poc - panzone In-game /ignore crash in Soldier of Fortune II 1.03 29 Jun 2005: adv - italiano - sof2ignore Server termination in Raknet 2.33 (before 30 May 2005) Elite Warriors: Vietnam, ... 05 Jun 2005: adv - italiano - poc - rakzero Crash in Stronghold 2 1.2 30 May 2005: adv - italiano - poc - strong2boom Buffer-overflow and crash in Terminator 3: War of the Machines 1.16 26 May 2005: adv - italiano - poc - t3wmbof Buffer-overflow in C'Nedra 0.4.0 26 May 2005: adv - italiano - poc - cnedrabof Endless loop in Halo 1.06 24 May 2005: adv - italiano - poc - haloloop Format string and crash in Warrior Kings 1.3 and Battles 1.23 23 May 2005: adv - italiano - PoC for WK - PoC for WKB - warkings In-game server crash in War Times 1.03 17 May 2005: adv - italiano - poc - wartimesboom Crash in Zoidcom 1.0 beta 4 10 May 2005: adv - italiano - poc - zoidboom Gamespy cd-key validation system: "Cd-key in use" DoS versus many games Players of the games Halo, Battlefield 1942 and Vietnam, Men of Valor, Painkiller, Star Wars Battlefront, Star Wars Republic Commando, Tribes: Vengeance and many others 04 May 2005: adv - italiano - PoC (method 2) - PoC (method 1 for Gore 1.48) - gskeyinuse Gamespy cd-key validation system: Cd-key never in use 04 May 2005: adv - italiano - poc - gskeydisc Clients format string and server crash in Mtp-Target 1.2.2 01 May 2005: adv - italiano - poc - mtpbugs In-game vulnerabilities in IGI 2: Covert Strike 1.3 14 Apr 2005: adv - italiano - poc - igi2bugs Multiple vulnerabilities in Yager 5.24 14 Apr 2005: adv - italiano - poc - yagerbof In-game server buffer-overflow in Jedi Academy 1.011 02 Apr 2005: adv - italiano - poc - jamsgbof In-game server crash (buffer overrun) in Call of Duty 1.5b, United Offensive 1.51b, Call of Duty II 1.0 02 Apr 2005: adv - italiano - poc - codmsgboom In-game players kicking in the Quake 3 engine Call of Duty, Quake III Arena, Return to Castle Wolfenstein, Soldier of Fortune II, Star Wars Jedi Knight II: Jedi Outcast, Star Wars Jedi Knight: Jedi Academy and Wolfenstein: Enemy Territory 02 Apr 2005: adv - italiano - poc - q3msgboom Buffer-overflow in Tincat 2 minor than 2.0.28 The Settlers: Heritage of Kings <= 1.02, Sacred <= 1.8.2.6 and others 28 Mar 2005: adv - italiano - poc - tincat2bof Socket unreachable and crash in FunLabs games Cabela's, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, US Most Wanted: Nowhere To Hide, ... 20 Mar 2005: adv - italiano - poc - funlabsboom In-game format string in Xpand Rally 1.1.0.0 09 Mar 2005: adv - italiano - poc - xprallyfs Client buffer-overflow in Chaser 1.50 04 Mar 2005: adv - italiano - poc - chasercool Format string and crash in Carsten's 3D Engine (March 2004) 03 Mar 2005: adv - italiano - poc - ca3dex Server termination in Scrapland 1.0 28 Feb 2005: adv - italiano - poc - scrapboom In-game cl_guid crash in Soldier of Fortune II 1.03 24 Feb 2005: adv - italiano - poc - sof2guidboom Multiple vulnerabilities in TrackerCam 5.12 18 Feb 2005: adv - italiano - poc - tcambof Buffer-overflow in Bontago 1.1 18 Feb 2005: adv - italiano - poc - bontagobof Directory traversal in Xinkaa web station 1.0.3 18 Feb 2005: adv - xinkaa Infostring crash and shutdown in the Quake 3 engine Call of Duty, Quake III Arena, Return to Castle Wolfenstein, Soldier of Fortune II, Star Trek Voyager: Elite Force, Star Trek: Elite Force II, Star Wars Jedi Knight II: Jedi Outcast, Star Wars Jedi Knight: Jedi Academy, Wolfenstein: Enemy Territory, ... 12 Feb 2005: adv - italiano - poc - q3infoboom Crashes and socket unreachable in Armagetron Advanced 0.2.7.0 10 Feb 2005: adv - italiano - PoC 1 - PoC 2 - atron Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994 08 Feb 2005: adv - italiano - PoC RGS - PoC RGP - realarcade Limited buffer-overflow in Painkiller 1.35 02 Feb 2005: adv - italiano - poc - painkkeybof Broadcast crash in Xpand Rally 1.0.0.0 30 Jan 2005: adv - italiano - poc - xprallyboom Local buffer-overflow in W32Dasm 8.93 24 Jan 2005: adv - italiano - poc - w32dasmbof Arbitrary files overwriting through skins in DivX Player 2.6 21 Jan 2005: adv - italiano - poc - divxplayer Socket termination in Halocon 2.0.0.81 16 Jan 2005: adv - halocon Server crash in Breed patch #1 13 Jan 2005: adv - italiano - poc - breedzero Socket unreachable in Amp II engine Gore, ... 06 Jan 2005: adv - italiano - poc - amp2zero Socket termination, format string and XSS in Soldner Secret Wars 30830 04 Jan 2005: adv - italiano - poc - soldnerx Socket unreachable in the Lithtech engine (new protocol) Contract Jack 1.1, No one lives forever 2 1.3, Tron 2.0 1.042 and F.E.A.R. 1.02 13 Dec 2004: adv - italiano - poc - lithsock Socket unreachable in Codename Eagle 1.42 11 Dec 2004: adv - italiano - poc - ceaglesock In-game buffer-overflow in the Gamespy cd-key validation SDK Some of the games listed here 10 Dec 2004: adv - italiano - PoC for Gore - gskeysdk Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2 07 Dec 2004: adv - italiano - poc - bfcboom Multiple vulnerabilities in Kreed 1.05 02 Dec 2004: adv - italiano - poc - kreedexec Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4 30 Nov 2004: adv - italiano - poc - janados Buffer-overflow in Orbz 2.10 29 Nov 2004: adv - italiano - poc - orbzbof Players overflow in Serious engine UDP Alpha Black Zero, Nitro family and Serious Sam Second Encounter 1.07 28 Nov 2004: adv - italiano - poc - serious Crash in Remote admin for Star wars battlefront (swbfraw32) 28 Nov 2004: adv - swbfraw32 Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11 24 Nov 2004: adv - italiano - poc - swb Broadcast memory corruption in Soldier of Fortune II 1.03 (refer to q3infoboom too) 23 Nov 2004: adv - italiano - poc - sof2boom Broadcast client crash in Halo 1.05 22 Nov 2004: adv - italiano - poc - halocboom Multiple vulnerabilities in Hired Team: Trial (Shine engine) 15 Nov 2004: adv - italiano - hteam Format string bug in Army Men RTS 14 Nov 2004: adv - italiano - artsfs Crash in Secure Network Messenger 1.4.2 12 Nov 2004: adv - italiano - snmboom Resources consumption in 602 Lan Suite 2004.0.04.0909 06 Nov 2004: adv - italiano - poc - 602res In-game format string bug in the Lithtech engine Alien vs Predator 2, Blood 2, Contract Jack, Global Operations, Kiss Psycho Circus, Legends of Might and Magic, No one lives forever, No one lives forever 2, Purge Jihad, Sanity, Shogo, Tron 2.0, F.E.A.R. 1.02 and others... 05 Nov 2004: adv - italiano - lithfs Directory traversal and DoS in Chesapeake TFTP Server 1.0 30 Oct 2004: adv - poc - cccitftp Buffer-overflow and directory traversal in Allied Telesyn TFTP server 1.8 30 Oct 2004: adv - poc - attftp Crashes in Master of Orion III 1.2.5 27 Oct 2004: adv - italiano - poc - moo3boom Buffer-overflow in Age of Sail II 1.04.151 20 Oct 2004: adv - italiano - poc - aos2bof Broadcast crash in Vypress Tonecast 1.3 19 Oct 2004: adv - italiano - poc - toneboom Directory traversal in Yak! 2.1.2 15 Oct 2004: adv - italiano - yak Buffer-overflow in ShixxNOTE 6.net 13 Oct 2004: adv - italiano - poc - shixxbof Limited \secure\ buffer-overflow in some old Monolith games Alien versus predator 2, Blood 2, No one lives forever and Shogo 08 Oct 2004: adv - italiano - poc - lithsec Server crash in Flash Messaging 5.2.0g 07 Oct 2004: adv - italiano - poc - flashmsg Directory traversal in Tridcomm 1.3 06 Oct 2004: adv - italiano - tridcomm In-game format string in Judge Dredd vs. Death 1.01 02 Oct 2004: adv - italiano - dreddfs Broadcast buffer-overflow in Vypress Messenger 3.5.1 01 Oct 2004: adv - italiano - poc - vymesbof Code execution in Icecast 2.0.1 28 Sep 2004: adv - italiano - poc - iceexec Broadcast crash in Chatman 1.5.1 RC1 27 Sep 2004: adv - italiano - poc - chatmanx Buffer-overflow in Zinf 2.2.1 for Windows through PLS file 24 Sep 2004: mail with info - poc - zinf-bof Multiple vulnerabilities in ActivePost Standard 3.1 23 Sep 2004: adv - italiano - PoC crash - PoC directory traversal - actp Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004) 21 Sep 2004: adv - italiano - poc - popmsgboom Crash in Lords of the Realm III 1.01 19 Sep 2004: adv - italiano - poc - lotr3boom Freeze in Pigeon Server 3.02.0143 16 Sep 2004: adv - italiano - poc - pigeonx Off-by-one bug in Halo 1.04 09 Sep 2004: adv - italiano - poc - haloboom Broadcast shutdown in Call of Duty 1.4 (refer to q3infoboom too) 05 Sep 2004: adv - italiano - poc - codboom Broadcast forced exit in Ground Control II 1.0.0.7 26 Aug 2004: adv - italiano - poc - gc2boom Limited buffer overflow in Painkiller 1.31 24 Aug 2004: adv - italiano - poc - painkex Medal of Honor remote buffer-overflow (AA 1.11v9, SH 2.15, BT 2.40b) 17 Jul 2004: adv - italiano - poc - mohaabof Remote crash of Half-Life servers and clients (versions before the 07 July 2004) 12 Jul 2004: adv - italiano - poc - hlboom Code execution in the Unreal Engine through \secure\ packet DeusEx, Devastation, Mobile Forces, Nerf Arena Blast, Postal 2, Rune, Tactical Ops, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Unreal Tournament 2004, Wheel of Time, X-com Enforcer, ... 18 Jun 2004: adv - italiano - poc - SpoofedPoC - unsecure Various in-game crashes and fun in Race Driver 1.20 08 Jun 2004: adv - italiano - poc - rdboom Colin McRae Rally 04 1.0 broadcast clients crash 04 Jun 2004: adv - italiano - poc - cmr4cdos Arbitrary file overwriting in Unreal engine through UMOD 22 Apr 2004: adv - italiano - poc - umod DoS in Rsniff 1.0 09 Apr 2004: adv - italiano - poc - rsniff Format string bug in IGI 2: Covert Strike 1.3 05 Apr 2004: adv - italiano - poc - igi2fs RogerWilco new bugs: UDP crash, "Voices from the deep", privacy problems and annoying attacks 31 Mar 2004: adv - poc - wilco Remote crash in Etherlords I 1.07 and II 1.03 25 Mar 2004: adv - italiano - poc - ethboom Buffer overflow in PicoPhone 1.63 24 Mar 2004: adv - italiano - poc - picobof Server freeze in The Rage 1.01 23 Mar 2004: adv - italiano - poc - ragefreeze Castles and Catapults game freeze 23 Mar 2004: adv - italiano - cnc Broadcast client buffer-overflow in Terminator 3 1.0 19 Mar 2004: adv - italiano - poc - t3cbof Chrome 1.2.0.0 server crash 18 Mar 2004: adv - italiano - poc - chromeboom Battle Mages server freeze 11 Mar 2004: adv - italiano - poc - LAN_PoC - battlemages Format string bug in EpicGames Unreal engine America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, XIII, ... 10 Mar 2004: adv - italiano - poc - unrfs Crash of Battle Isle Andosia War 2.08 09 Mar 2004: adv - italiano - PoC (for server) - PoC (for client) - bisleboom Ghost users in Chat Anywhere 2.72 09 Mar 2004: adv - italiano - PoC (html page) - chatany-ghost Remote server crash in Haegemonia 1.07 and Desert Rats vs. Afrika Korps 24 Feb 2004: adv - italiano - poc - hgmcrash Client buffer overflow in Freespace 2 1.2 02 Mar 2004: adv - italiano - poc - fs2cbof Clients broadcast buffer overflow in Red Faction 1.20 01 Mar 2004: adv - italiano - poc - rfcbof Games servers crash and possible small privacy problem caused by Gamespy cd-key SDK several games vulnerables (before March 2004 but also some recents) Battlefield 1942, Contract Jack, Gore, Halo, Hidden & Dangerous 2, IGI 2: Covert Strike, Need For Speed Hot Pursuit 2, Tribes: Vengeance, TRON 2.0, ... 24 Feb 2004: adv - italiano - poc - more_stuff - gshboom Remote crash in Ghost Recon engine Ghost Recon, Desert Siege and The Sum of all Fears 24 Feb 2004: adv - italiano - poc - grboom Remote server crash in Team Factor 1.25 20 Feb 2004: adv - italiano - poc - tfboom Broadcast client buffer-overflow in Purge Jihad 2.0.1 16 Feb 2004: adv - italiano - poc - purge-cbof Denial of Service in Ratbag's game engine Dirt Track Racing, Dirt Track Racing Australia, Leadfoot, Dirt Track Racing Sprint Cars, Dirt Track Racing 2 and World of Outlaws Sprint Cars 11 Feb 2004: adv - italiano - poc - ratbagcpu Denial of Service in Monkey httpd 0.8.1 11 Feb 2004: adv - italiano - poc - monkeydos Remote crash of Chaser game 1.50 03 Feb 2004: adv - italiano - PoC for server - PoC for client - chasercrash Need for Speed Hot pursuit 2 242 broadcast client's buffer overflow 22 Jan 2004: adv - italiano - poc - nfshp2cbof Xitami 2.5c1 server crash and possible code execution through malformed SSI files 19 Jan 2004: poc - ssi-xitami Denial of service in Getware's built-in webserver (Webcam Live and Photohost) 19 Jan 2004: adv - italiano - poc - wcamdos Directories management bypassing in Goahead webserver 2.1.8 19 Jan 2004: adv - italiano - goahead2 Resources consumption in Goahead webserver 2.1.8 19 Jan 2004: adv - italiano - poc - goahead1 Multiple vulnerabilities in WWW Fileshare Pro 2.42 14 Jan 2004: adv - italiano - PoC bug 1 - PoC bug 2a - PoC bug 2b - wfshare Buffer-overflow in Jordan's telnet server 29 Dec 2003: adv - italiano - poc - jordwts Directory traversal bug in DCAM server 8.2.5 22 Dec 2003: adv - italiano - dcam Directory traversal and XSS in Active Webcam 4.3 19 Dec 2003: adv - italiano - activecam Server side scripts viewing in Goahead webserver 2.1.7 bug originally found by Richard Brain of Procheckup 17 Dec 2003: adv - italiano - goahead3 FAT32 directory auth bypass on Linux Abyssws 1.2 08 Dec 2003: adv - italiano - abyss-dot Surfboard 1.1.8 vulns 01 Dec 2003: adv - italiano - surfd Remote crash in the Serious Sam engine 30 Oct 2003: adv - italiano - poc - ssboom Medieval Total War 1.1 crash 07 Oct 2003: adv - italiano - poc - mtwdos-server Medieval Total War 1.1 Connection expired 07 Oct 2003: adv - italiano - poc - mtwexp-server Medieval Total War 1.1 client crash and directory traversal 07 Oct 2003: adv - italiano - poc - mtw2client Gamespy3d 263020 lets code execution through long IRC answer 30 Sep 2003: adv - italiano - poc - gs3d-ircbof Half-Life's client 1.1.1.0 format string (mail sent to vuln-dev) 29 Sep 2003: adv - italiano - poc - hlclientfs NULLhttpd 0.5.1 remote resources consumption 24 Sep 2003: adv - italiano - poc - nullhttpd-dos NULLhttpd 0.5.1 XSS through Bad request 24 Sep 2003: adv - italiano - poc - nullhttpd-xss SpeakFreely for Win 7.6a remote crash through malformed GIF 22 Sep 2003: adv - italiano - poc - sfwin-gif SpeakFreely for Win 7.6a spoofed DoS 22 Sep 2003: adv - italiano - poc - sfwin-dos GuildFTPd 0.999.5 partial directory traversal bug ?? Sep 2003: adv - italiano - guildftpd-dir Goahead 2.1.3 DoS through negative Content-Length 22 Sep 2003: adv - italiano - goahead-neg Winamp 2.91 lets code execution through MIDI files (IN_MIDI.DLL 3.01) 08 Sep 2003: adv - italiano - example - winamp-midi Rogerwilco: server's buffer overflow (1.4.1.6, 0.30a) 08 Sep 2003: adv - italiano - poc - wilco-recvbof Rogerwilco 1.4.1.2 and 1.4.1.6 remix of bugs 08 Sep 2003: adv - italiano - poc - wilco-remix Problems with the MODs of Half-Life 1.1.1.0 29 Jul 2003: adv - italiano - hlmods Half-Life servers: buffer-overflow and freeze (versions 1.1.1.0, 4.1.1.1c1 and 3.1.1.1c1) 29 Jul 2003: adv - italiano - poc - hlbof-server Half-Life broadcast client's buffer-overflow (versions 1.1.1.0) 29 Jul 2003: adv - italiano - poc - hlbof-client Broadcast buffer-overflow and server freeze in RogerWilco Mk.1d3 2001 02 Jul 2003: adv - poc - wilco Quake 3 con\con exploit (funny) 27 May 2003: adv - italiano - poc - q3concon UnrealTournament 2003 2199 client passive DoS 13 May 2003: adv - italiano - poc - ut2003pdos Abyss webserver X1 1.1.2 remote crash 05 Apr 2003: adv - articolo in italiano scritto riguardo al problema abyssx1 Emule 0.27b remote crash 25 Mar 2003: adv - italiano - poc - emule Edonkey and Overnet 0.45 resources consumption 21 Mar 2003: adv - italiano - poc - edonkey Some game master servers can be used as amplifiers 20 Feb 2003: adv - italiano - poc - msddos Unreal engine: results of my research DoS, DDoS, remote memory problems, execution of malicious code and more 05 Feb 2003: adv - italiano - PoC section - ueng Blade encoder 0.94.2 code execution 02 Feb 2003: adv - italiano - PoC wave - blade942 Savant 3.1 multiple vulnerabilities 13 Sep 2002: adv - italiano - PoC data - savant SWServer 2.2 directory traversal bug 28 Aug 2002: adv - italiano - swserver Blazix 1.2 jsp view and protected folder access 24 Aug 2002: adv - italiano - Blazix Abyss 1.0.3 (patch 2) directory traversal and administration bug 22 Aug 2002: adv - italiano - poc - abyss Bajie 0.95zvh index viewing and server scripts download 16 Aug 2002: adv - bajie Apache 2.0.39 directory traversal and path disclosure bug for not Unix systems 16 Aug 2002: adv - italiano - apache Lcc-win32 (all versions) privacy problem in Windows9x 02 Aug 2002: adv - italiano - lcc Pegasus Mail 4.01 DoS 24 Jul 2002: adv - italiano - poc - pegasus Popcorn mail client 1.20 multiple vulnerabilities 11 Jul 2002: adv - italiano - poc - popcorn Webtrends 3.1 script files view 03 Jun 2001: adv - webtrends CheckBo 1.56 multiple vulnerabilities 20 Apr 2001: adv - italiano - poc - checkbo Apache 1.3.15 Win32 anonymous DoS 12 Apr 2001: adv - italiano - apache1 |