2 results (0.002 seconds)

CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 2

Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information. Crysis v1.21 y anteriores permite a atacantes remotos obtener información sensible del jugador como su IP mediante el envío de un paquete "keyexchange" sin un paquete previo "join", lo que produce que Crysis envíe un paquete desconectado incluyendo información del log no relacionada. • https://www.exploit-db.com/exploits/31918 http://aluigi.altervista.org/adv/crysislog-adv.txt http://osvdb.org/46260 http://secunia.com/advisories/30706 http://www.securityfocus.com/bid/29720 https://exchange.xforce.ibmcloud.com/vulnerabilities/43087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 11%CPEs: 3EXPL: 4

The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. El servicio HTTP/XML-RPC en Crysis v1.21 (versión del juego v1.1.1.6156) y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición larga HTTP, lo que provoca una desreferenciación de puntero nulo. • https://www.exploit-db.com/exploits/31931 http://aluigi.org/poc/dontcrysis.txt http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html http://osvdb.org/46261 http://secunia.com/advisories/30675 http://www.securityfocus.com/archive/1/493385/100/0/threaded http://www.securityfocus.com/bid/29759 https://exchange.xforce.ibmcloud.com/vulnerabilities/43126 •