Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | arcade | * |
Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | roger_wilco_dedicated_server | 0.29 |
| gamespy | roger_wilco_graphical_server | 1.4.1.5 |
| gamespy | roger_wilco_graphical_server | 1.4.1.2 |
| gamespy | roger_wilco_dedicated_server | 0.27 |
| gamespy | roger_wilco_dedicated_server | 0.26 |
| gamespy | roger_wilco_graphical_server | 1.4.1.4 |
| gamespy | roger_wilco_graphical_server | 1.4.1.3 |
| gamespy | roger_wilco_dedicated_server | 0.28 |
| gamespy | roger_wilco_graphical_server | 1.4.1.6 |
| gamespy | roger_wilco_dedicated_server | 0.30a |
| gamespy | roger_wilco_graphical_server | 1.4.1.1 |
Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | roger_wilco_dedicated_server | 0.29 |
| gamespy | roger_wilco_graphical_server | 1.4.1.5 |
| gamespy | roger_wilco_graphical_server | 1.4.1.2 |
| gamespy | roger_wilco_dedicated_server | 0.27 |
| gamespy | roger_wilco_dedicated_server | 0.26 |
| gamespy | roger_wilco_graphical_server | 1.4.1.4 |
| gamespy | roger_wilco_graphical_server | 1.4.1.3 |
| gamespy | roger_wilco_dedicated_server | 0.28 |
| gamespy | roger_wilco_graphical_server | 1.4.1.6 |
| gamespy | roger_wilco_dedicated_server | 0.30a |
| gamespy | roger_wilco_graphical_server | 1.4.1.1 |
The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | roger_wilco_dedicated_server | 0.29 |
| gamespy | roger_wilco_dedicated_server | 0.27 |
| gamespy | roger_wilco_dedicated_server | 0.28 |
| gamespy | roger_wilco_graphical_server | 1.4.1.6 |
| gamespy | roger_wilco_graphical_server | 1.4.1.5 |
| gamespy | roger_wilco_graphical_server | 1.4.1.2 |
| gamespy | roger_wilco | 1.4.1.6 |
| gamespy | roger_wilco_dedicated_server | 0.26 |
| gamespy | roger_wilco_graphical_server | 1.4.1.4 |
| gamespy | roger_wilco_graphical_server | 1.4.1.3 |
| gamespy | roger_wilco | 1.4.1.2 |
| gamespy | roger_wilco_dedicated_server | 0.30a |
| gamespy | roger_wilco_graphical_server | 1.4.1.1 |
| gamespy | roger_wilco_mark | 1d3 |
GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | cd-key_validation_system | * |
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gamespy | gamespy_sdk_cd-key_validation_toolkit | * |