Описание
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as demonstrated by "download /server.cfg".
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as demonstrated by "download /server.cfg".
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-2594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17892
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
- http://secunia.com/advisories/13013
- http://secur1ty.net/advisories/001
- http://securitytracker.com/id?1011979
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2
- http://www.osvdb.org/11183
- http://www.securityfocus.com/bid/11551
EPSS
CVE ID
Связанные уязвимости
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Absolute path traversal vulnerability in Quake II server before R1Q2 o ...
EPSS