CVE-2023-38312
https://notcve.org/view.php?id=CVE-2023-38312
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. Una vulnerabilidad de cruce de directorio en Valve Counter-Strike 8684 permite a un cliente (con acceso de control remoto a un servidor de juegos) leer archivos arbitrarios del servidor subyacente a través de la variable de consola motdfile. • https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-35855
https://notcve.org/view.php?id=CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Un desbordamiento de búfer en Counter-Strike a través de 8684 permite a un servidor de juegos ejecutar código arbitrario en la máquina de un cliente remoto modificando la variable de consola "lservercfgfile". • https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-15943 – Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2019-15943
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. La biblioteca vphysics.dll en Counter-Strike: Global Offensive versiones anteriores a 1.37.1.1, permite a atacantes remotos alcanzar la ejecución de código o la denegación de servicio mediante la creación de un servidor de juegos e invitar a una víctima a este servidor, porque un mapa diseñado es manejado inapropiadamente durante una llamada de memset. Counter-Strike Global Offensive (vphysics.dll) versions prior to 1.37.1.1 allow remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, using a crafted map that causes memory corruption. • https://www.exploit-db.com/exploits/47454 http://packetstormsecurity.com/files/154705/Counter-Strike-Global-Offensive-Code-Execution-Denial-Of-Service.html https://blog.counter-strike.net/index.php/category/updates https://github.com/bi7s/CVE/blob/master/CVE-2019-15943/README.md • CWE-787: Out-of-bounds Write •
CVE-2019-15944
https://notcve.org/view.php?id=CVE-2019-15944
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. En Counter-Strike: Global Offensive antes del 8/29/2019, los servidores de juegos comunitarios pueden mostrar HTML inseguro en un mensaje de desconexión. • https://blog.counter-strike.net/index.php/2019/08/25353 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2008-7203 – Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service
https://notcve.org/view.php?id=CVE-2008-7203
Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets. Valve Software Half-Life Counter-Strike 1.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de múltiples paquetes de login manipulados. • https://www.exploit-db.com/exploits/4856 http://www.securityfocus.com/bid/27159 https://exchange.xforce.ibmcloud.com/vulnerabilities/39535 • CWE-399: Resource Management Errors •