jedi-academy

ioquake/jedi-academy

Fork 0

mirror of https://github.com/ioquake/jedi-academy.git synced 2025-02-19 18:41:45 +00:00

Commit graph

Author	SHA1	Message	Date
Jonathan Gray	85caaddab4	CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. from Thilo Schulz in ioquake3 svn 777 git 60293f49ee8c665673202e80ecd103f13a9fa6ab Fix bug that permits download of arbitrary files from a download enabled server by checking requested file name against the list of loaded pk3 files. See CVE-2006-2082	2013-05-07 22:18:44 +10:00
Jonathan Gray	039ef2cb4a	ditch dos style newlines	2013-04-23 15:21:39 +10:00
James Monroe	684d1bcb3b	Jedi Academy Release	2013-04-04 17:35:38 -05:00

Author

SHA1

Message

Date

Jonathan Gray

85caaddab4

CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine

CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products
including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy
Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload
cvar is enabled, allows remote attackers to read arbitrary files from
the server via ".." sequences in a .pk3 file request.

from Thilo Schulz in ioquake3
svn 777 git 60293f49ee8c665673202e80ecd103f13a9fa6ab

Fix bug that permits download of arbitrary files from a download enabled
server by checking requested file name against the list of loaded pk3
files. See CVE-2006-2082

2013-05-07 22:18:44 +10:00

Jonathan Gray

039ef2cb4a

ditch dos style newlines

2013-04-23 15:21:39 +10:00

James Monroe

684d1bcb3b

Jedi Academy Release

2013-04-04 17:35:38 -05:00

3 commits