CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 2CVE-2008-6737 – Crysis 1.21 - 'keyexchange' Packet Information Disclosure
https://notcve.org/view.php?id=CVE-2008-6737
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. Crysis v1.21 y anteriores permite a atacantes remotos obtener información sensible del jugador como su IP mediante el envío de un paquete "keyexchange" sin un paquete previo "join", lo que produce que Crysis envíe un paquete desconectado incluyendo información del log no relacionada. • https://www.exploit-db.com/exploits/31918 http://aluigi.altervista.org/adv/crysislog-adv.txt http://osvdb.org/46260 http://secunia.com/advisories/30706 http://www.securityfocus.com/bid/29720 https://exchange.xforce.ibmcloud.com/vulnerabilities/43087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 11%CPEs: 3EXPL: 4CVE-2008-6712 – Crysis 1.21 - HTTP/XML-RPC Service Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-6712
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. El servicio HTTP/XML-RPC en Crysis v1.21 (versión del juego v1.1.1.6156) y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición larga HTTP, lo que provoca una desreferenciación de puntero nulo. • https://www.exploit-db.com/exploits/31931 http://aluigi.org/poc/dontcrysis.txt http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html http://osvdb.org/46261 http://secunia.com/advisories/30675 http://www.securityfocus.com/archive/1/493385/100/0/threaded http://www.securityfocus.com/bid/29759 https://exchange.xforce.ibmcloud.com/vulnerabilities/43126 •
CVSS: 6.0EPSS: 1%CPEs: 1EXPL: 1CVE-2008-1127 – Crysis 1.1.1.5879 - Remote Format String Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-1127
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed. Vulnerabilidad de cadena de formato en la función cryactio en Crysis 1.1.1.5879 permite a usuarios remotos autenticados ejecutar código de su elección a través de cadenas de formato especificadas en el nombre de usuario, lo cual es disparado cuando el carácter game es eliminado. • https://www.exploit-db.com/exploits/5201 http://secunia.com/advisories/29155 http://www.securityfocus.com/bid/28039 http://www.vupen.com/english/advisories/2008/0735 • CWE-134: Use of Externally-Controlled Format String •