CVSS: 7.8EPSS: 15%CPEs: 4EXPL: 3CVE-2008-4243 – Unreal Tournament 3 1.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4243
25 Sep 2008 — Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en ImageServer (también conocida como UTImageServer) en WebAdmin anterior a v1.7 para Epic Games Unreal Tournament 3 (UT3) v1.3, permite a atacantes remotos leer archivos de su elección a través de .."punto punto) en la URI. • https://www.exploit-db.com/exploits/6506 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 24%CPEs: 3EXPL: 1CVE-2008-3409 – Unreal Tournament 3 - Memory Corruption (Denial of Service)
https://notcve.org/view.php?id=CVE-2008-3409
31 Jul 2008 — Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c. Desbordamiento de búfer en Unreal Tournament 3 1.3beta4 y anteriores, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria o caída de demonio) o posiblemente,... • https://www.exploit-db.com/exploits/32127 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2008-3410
https://notcve.org/view.php?id=CVE-2008-3410
31 Jul 2008 — Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. Unreal Tournament 3 1.3beta4 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo o caída del demonio) mediante un paquete UDP en el que el valor del tamaño de cierto campo es superior a la long... • http://aluigi.altervista.org/adv/ut3mendo-adv.txt • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •