ioquake/jedi-academy
0
0
Fork 0
mirror of https://github.com/ioquake/jedi-academy.git synced 2025-02-10 14:20:36 +00:00
Code Issues Projects Releases Packages Wiki Activity
jedi-academy/codemp/server
History
Jonathan Gray 85caaddab4 CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine 
CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products
including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy
Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload
cvar is enabled, allows remote attackers to read arbitrary files from
the server via ".." sequences in a .pk3 file request.

from Thilo Schulz in ioquake3
svn 777 git 60293f49ee8c665673202e80ecd103f13a9fa6ab

Fix bug that permits download of arbitrary files from a download enabled
server by checking requested file name against the list of loaded pk3
files. See CVE-2006-2082
2013-05-07 22:18:44 +10:00
..
NPCNav remove the use of 'typedef enum' without an indentifier 2013-05-02 13:47:50 +10:00
exe_headers.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
server.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_bot.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_ccmds.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_client.cpp CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine 2013-05-07 22:18:44 +10:00
sv_game.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_init.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_main.cpp CVE-2005-0983 Fixed q3msgboom 2013-05-07 22:18:44 +10:00
sv_net_chan.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_snapshot.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
sv_world.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00