CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-2627 – EA Battlefield 2 / Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2627
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. Múltiples vulnerabilidades de salto de directorio en el motor de Refractor 2, tal como se utiliza en Battlefield 2 v1.50 (v1.5.3153-802.0) y anteriores, y Battlefield 2142 (v1.10.48.0) y anteriores, permiten a servidores remotos sobrescribir archivos arbitrarios en el cliente a través de secuencias "..\"(punto-punto-barra invertida) en las direcciones URL de (1) el patrocinador (2) logotipos de la comunidad y otras URL relacionadas con (3) DemoDownloadURL, (4) DemoIndexURL y (5) CustomMapsURL. • https://www.exploit-db.com/exploits/14267 http://aluigi.altervista.org/adv/bf2urlz-adv.txt http://osvdb.org/65863 http://secunia.com/advisories/40334 http://www.securityfocus.com/bid/41262 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 2CVE-2008-6737 – Crysis 1.21 - 'keyexchange' Packet Information Disclosure
https://notcve.org/view.php?id=CVE-2008-6737
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. Crysis v1.21 y anteriores permite a atacantes remotos obtener información sensible del jugador como su IP mediante el envío de un paquete "keyexchange" sin un paquete previo "join", lo que produce que Crysis envíe un paquete desconectado incluyendo información del log no relacionada. • https://www.exploit-db.com/exploits/31918 http://aluigi.altervista.org/adv/crysislog-adv.txt http://osvdb.org/46260 http://secunia.com/advisories/30706 http://www.securityfocus.com/bid/29720 https://exchange.xforce.ibmcloud.com/vulnerabilities/43087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 11%CPEs: 3EXPL: 4CVE-2008-6712 – Crysis 1.21 - HTTP/XML-RPC Service Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-6712
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. El servicio HTTP/XML-RPC en Crysis v1.21 (versión del juego v1.1.1.6156) y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición larga HTTP, lo que provoca una desreferenciación de puntero nulo. • https://www.exploit-db.com/exploits/31931 http://aluigi.org/poc/dontcrysis.txt http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html http://osvdb.org/46261 http://secunia.com/advisories/30675 http://www.securityfocus.com/archive/1/493385/100/0/threaded http://www.securityfocus.com/bid/29759 https://exchange.xforce.ibmcloud.com/vulnerabilities/43126 •