Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2004-2594 | 5.0 |
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2593 | 7.5 |
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2597 | 5.0 |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2592 | 5.0 |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when p
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2599 | 2.1 |
Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2596 | 5.0 |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2595 | 5.0 |
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the a
|
11-07-2017 - 01:32 | 31-12-2004 - 05:00 | |
CVE-2004-2598 | 5.0 |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notifie
|
05-09-2008 - 20:44 | 31-12-2004 - 05:00 |