There are 12 CVE entries that match your search.
||ioquake3 before r2253 allows local users to overwrite arbitrary files
via a symlink attack on the /tmp/ioq3.pid temporary file.
||The ioQuake3 engine, as used in World of Padman 1.2 and earlier,
Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for
dangerous file extensions before writing to the quake3 directory,
which allows remote attackers to execute arbitrary code via a crafted
third-party addon that creates a Trojan horse DLL file, a different
vulnerability than CVE-2011-2764.
||The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the
ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin'
Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly
determine dangerous file extensions, which allows remote attackers to
execute arbitrary code via a crafted third-party addon that creates a
Trojan horse DLL file.
||sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in
World of Padman 1.5.x before 22.214.171.124 and OpenArena 0.8.x-15 and
0.8.x-16, allows remote game servers to execute arbitrary commands via
shell metacharacters in a long fs_game variable.
||server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762,
OpenArena, Tremulous, and other products, allows remote attackers to
cause a denial of service (network traffic amplification) via a
spoofed (1) getstatus or (2) rcon request.
||client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus
Quake 3 Engine (ioquake3) revision 810 and earlier allows remote
malicious servers to overwrite arbitrary write-protected cvars
variables on the client, such as cl_allowdownload for Automatic
Downloading and fs_homepath for the quake3 path, via a string of cvar
names and values sent from the server. NOTE: this can be combined with
another vulnerability to overwrite arbitrary files.
||The Automatic Downloading option in the id3 Quake 3 Engine and the
Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote
attackers to overwrite arbitrary files in the quake3 directory
(fs_homepath cvar) via a long string of filenames, as contained in the
||Stack-based buffer overflow in the CL_ParseDownload function of Quake
3 Engine 1.32c and earlier, as used in multiple products, allows
remote attackers to execute arbitrary code via a svc_download command
with compressed data that triggers the overflow during expansion.
||Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2)
Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b
allows remote attackers to execute arbitrary commands via a long
||Directory traversal vulnerability in Quake 3 engine, as used in
products including Quake3 Arena, Return to Castle Wolfenstein,
Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when
the sv_allowdownload cvar is enabled, allows remote attackers to read
arbitrary files from the server via ".." sequences in a .pk3 file
||Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier
allow remote attackers to cause a denial of service and possibly
execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF,
(4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10)
SMPP, and (11) TSP dissectors, which do not properly use the
tvb_get_nstringz and tvb_get_nstringz0 functions.
||Quake3 Arena allows malicious server operators to read or modify
files on a client via a dot dot (..) attack.