###
Luigi Auriemma
Application: World in Conflict
http://www.worldinconflict.com
Versions: = 1.000
Platforms: Windows
Bug: access to NULL pointer
Exploitation: remote
###
Luigi Auriemma
Application: The Dawn of Time
http://www.dawnoftime.org
Versions: = 1.69s beta4 (and 1.69r too)
Platforms: *nix and Windows
Bug: format string
###
Luigi Auriemma
Application: Dropteam
http://www.battlefront.com/products/dropteam/news.html
Versions: = 1.3.3
Platforms: Windows, Linux and Mac
Bugs: A] format
###
Luigi Auriemma
Application: America's Army and America's Army Special Forces
http://www.americasarmy.com
Versions: = 2.8.2
Platforms: Windows, Linux and Mac
Bugs
###
Luigi Auriemma
Application: F.E.A.R. (First Encounter Assault Recon)
http://www.whatisfear.com
Versions: = 1.08
Platforms: Windows and Linux
Bug: format string
###
Luigi Auriemma
Application: Doom 3 engine
Games: Doom 3 (http://www.doom3.com) = 1.3.1
Quake 4 (http://www.quake4game.com) = 1.4.2
###
Luigi Auriemma
Application: FSD
http://www.mcdu.com/en/download.php
Versions: = V2.052 d9 (original FSD) and V3.000 d9 (FSFDT FSD)
Platforms: Windows and *nix
Bugs
advisory since I have NOT performed
further and specific research except a new proof-of-concept) is
available here:
http://aluigi.org/adv/gmotor2-adv.txt
---
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org
___
Full-Disclosure - We believe
###
Luigi Auriemma
Application: Alien Arena 2007
http://red.planetarena.org
Versions: = 6.10 and current SVN
Platforms: Windows and Linux
Bugs: A] in-game format string
###
Luigi Auriemma
Application: Doomsday
http://www.doomsdayhq.com
http://www.dengine.net
http://sourceforge.net/projects/deng/
Versions: = 1.9.0
###
Luigi Auriemma
Application: Skulltag
http://www.skulltag.com
Versions: = 0.97d-beta4.1
Platforms: Windows and Linux
Bug: heap-overflow
Exploitation: remote, versus
###
Luigi Auriemma
Application: Asura engine (network SDK)
http://www.rebellion.co.uk
Games: Rogue Trooper = 1.0
Prism: Guard
###
Luigi Auriemma
Application: Unreal engine
http://www.unrealtechnology.com
http://www.epicgames.com
Versions: this engine is used in many games like Unreal
###
Luigi Auriemma
Application: rFactor
http://www.rfactor.net
Versions: = 1.250
Platforms: Windows
Bugs: A] buffer-overflow
B] Connection lost crash
###
Luigi Auriemma
Application: Toribash
http://www.toribash.com
Versions: = 2.71
Platforms: Windows, Mac and Linux
Bugs: A] dedicated server format string
###
Luigi Auriemma
Application: Zoidcom
http://www.zoidcom.com
Versions: = 0.6.7 (some older version could be not vulnerable)
Platforms: Windows, Linux and Mac
Bug
###
Luigi Auriemma
Application: Babo Violent 2
http://www.rndlabs.ca
http://baboviolent.net
Versions: = 2.08.00
Platforms: Windows and Linux
Bugs
###
Luigi Auriemma
Application: Live for Speed
http://www.lfs.net
Versions: = 0.5X10
Platforms: Windows
Bugs: A] nickname buffer-overflow
B] partial track
###
Luigi Auriemma
Application: Conquest
http://www.radscan.com/conquest.html
Versions: = 8.2a (svn 691)
Platforms: *nix and Windows
Bugs: A] buffer-overflow
###
Luigi Auriemma
Application: Netrek
http://www.netrek.org
Versions: = 2.12.0 (Vanilla server)
Platforms: *nix and Windows
Bug: format string
Exploitation: remote
###
Luigi Auriemma
Applications: games developed by SimBin Development Team
http://www.simbin.se
Versions: GTR - FIA GT Racing Game = 1.5.0.0
###
Luigi Auriemma
Application: libmusicbrainz
http://musicbrainz.org/doc/libmusicbrainz
Versions: = 2.1.2 and = SVN 8406 (current SVN)
Platforms: Windows, *nix, *BSD, Mac
###
Luigi Auriemma
Application: AlsaPlayer
http://www.alsaplayer.org
Versions: = 0.99.76 and current CVS
Platforms: *nix and others
Bugs: A] buffer-overflow
###
Luigi Auriemma
Application: OpenMPT (aka MODPlug Tracker)
http://modplug.sourceforge.net
http://www.modplug.com
libmodplug
http
###
Luigi Auriemma
Application: DConnect Daemon
http://www.dc.ds.pg.gda.pl
Versions: = 0.7.0 and CVS = 30 Jul 2006
Platforms: Windows, *nix, *BSD and others
Bugs
###
Luigi Auriemma
Application: Open Cubic Player
http://www.cubic.org/player/
http://stian.lunafish.org/coding-ocp.php
Versions: DOS/Windows = 2.6.0pre6
###
Luigi Auriemma
Application: libmikmod
http://mikmod.raphnet.net
http://sourceforge.net/projects/mikmod/
Versions: = 3.2.2 and current CVS
versions
###
Luigi Auriemma
Application: Cheese Tracker
http://reduz.com.ar/cheesetracker/
http://sourceforge.net/projects/cheesetronic
Versions: = 0.9.9 and current CVS
###
Luigi Auriemma
Application: Warzone Resurrection
http://home.gna.org/warzone/
(Warzone 2100 http://www.strategyplanet.com/warzone2100/)
Versions: = 2.0.3 and SVN
###
Luigi Auriemma
Application: Freeciv
http://www.freeciv.org
Versions: = 2.1.0-beta1 and SVN = 15 Jul 2006
Platforms: Windows, *nix, *BSD, MacOS and more
Bugs
###
Luigi Auriemma
Application: UFO2000
http://ufo2000.sourceforge.net
Versions: = SVN 1057
Platforms: Windows, *nix, *BSD, Mac and more
Bugs: A] buffer-overflow
###
Luigi Auriemma
Application: Sparklet
http://sparklet.sourceforge.net
Versions: = 0.9.4try3
Platforms: Windows, *nix, *BSD and more
Bug: format string in client's
###
Luigi Auriemma
Application: Kaillera
http://www.kaillera.com
Versions: = 0.86
Platforms: Windows, Linux and FreeBSD
Bug: buffer-overflow
Exploitation: remote
###
Luigi Auriemma
Application: AdPlug
http://adplug.sourceforge.net
Versions: = 2.0 and CVS = 04 Jul 2006
Platforms: Windows, DOS, *nix, *BSD and more
Bugs: A] heap
during the same server session and don't know why).
BYEZ
---
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia
###
Luigi Auriemma
Application: Quake 3 engine
http://www.idsoftware.com
http://www.icculus.org/quake3/
Versions: Quake 3 = 1.32c
###
Luigi Auriemma
Application: Quake 3 engine
http://www.idsoftware.com
http://www.icculus.org/quake3/
Versions: Quake 3 = 1.32c
###
Luigi Auriemma
Application: libextractor
http://gnunet.org/libextractor/
Versions: = 0.5.13 (rev 2832)
Platforms: *nix, *BSD, Windows and more
Bugs: A] heap
###
Luigi Auriemma
Application: Raydium
http://raydium.org
Versions: = SVN revision 309
(newer versions can be vulnerable to some of the bugs
which
###
Luigi Auriemma
Application: Genecys
http://www.genecys.org
Versions: = 0.2 and current CVS
Platforms: *nix and *BSD
Bugs: A] tell_player_surr_changes buffer
###
Luigi Auriemma
Application: Empire
http://www.wolfpackempire.com
http://sourceforge.net/projects/empserver
Versions: = 4.3.2
Platforms: Windows, *nix, *BSD
###
Luigi Auriemma
Application: Outgun
http://koti.mbnet.fi/outgun/
Versions: = 1.0.3 bot 2
Platforms: Windows, *nix, *BSD and more
Bugs: A] data_file_request buffer
###
Luigi Auriemma
Application: GNUnet
http://www.gnunet.org
Versions: = 0.7.0d and revision 2780
Platforms: Windows, *nix, *BSD, Mac and more
Bug: UDP socket
###
Luigi Auriemma
Application: OpenTTD
http://www.openttd.org
Versions: = 0.4.7
Platforms: Windows, *nix, *BSD, Mac and others
Bugs: A] program termination through big
-in webserver used for allowing the
clients to download the Java viewer.
The service runs on port 5800 and is enabled by default.
BYEZ
---
Luigi Auriemma
http://aluigi.altervista.org
###
Luigi Auriemma
Application: UltraVNC
http://www.ultravnc.com
http://ultravnc.sourceforge.net
Versions: = 1.0.1 (and current CVS
###
Luigi Auriemma
Application: Doomsday engine
http://www.doomsdayhq.com
http://deng.sourceforge.net
Versions: = 1.8.6 (and current SVN 1.9.0)
Platforms: Windows
###
Luigi Auriemma
Application: Zdaemon
http://www.zdaemon.org
(and also X-Doom http://www.doom2.net/~xdoom/)
Versions: = 1.08.01
Platforms: Windows and Linux
###
Luigi Auriemma
Application: ENet library
http://enet.bespin.org
Versions: = Jul 2005 (it's the current CVS version)
Platforms: Windows, *nix, *BSD and more
Bugs
###
Luigi Auriemma
Application: Alien Arena 2006 Gold Edition
http://red.planetarena.org
Versions: = 5.00
Platforms: Windows and Linux
Bugs: A] safe_cprintf server
###
Luigi Auriemma
Application: Freeciv
http://www.freeciv.org
Versions: = 2.0.7
Platforms: Windows, *nix, *BSD, MacOS and more
Bug: bad memory allocation
Exploitation
###
Luigi Auriemma
Application: Sauerbraten engine
http://sauerbraten.org
Versions: = 2006_02_28 and current CVS
Platforms: Windows, *nix, *BSD and MacOS
Bugs
###
Luigi Auriemma
Application: Liero Xtreme
http://lieroxtreme.thegaminguniverse.com
Versions: = 0.62b
Platforms: Windows
Bugs: A] server crash/freeze
B
###
Luigi Auriemma
Application: Cube engine
http://www.cubeengine.com
Versions: = 2005_08_29
Platforms: Windows, *nix, *BSD and MacOS
Bugs: A] sgetstr() buffer-overflow
###
Luigi Auriemma
Application: Soldier of Fortune II with PunkBuster enabled
http://www.ravensoft.com/soldier2.html
http://www.PunkBuster.com
Versions: PB
###
Luigi Auriemma
Application: GO-Global for Windows
http://www.graphon.com/products/GO-GlobalforWindows.shtml
Versions: = 3.1.0.3270
Platforms: Server: Windows
###
Luigi Auriemma
Application: Glider collect'n kill
http://www.glider-game.com
Versions: 1.0.0.0
Platforms: Windows
Bug: buffer-overflow
Exploitation: remote, versus
###
Luigi Auriemma
Application: NeroNET
http://www.nero.com
Versions: = 1.2.0.2
Platforms: Windows
Bug: limited directory traversal
Exploitation: remote
Date
###
Luigi Auriemma
Application: Asus Video Security
http://www.asus.com/products1.aspx?l1=2share=icon/12
Versions: = 3.5.0.0
(the version number is chaotic, this one
###
Luigi Auriemma
Application: FlatFrag
http://www.tzi.de/~jfk/projects/flatfrag/
Versions: = 0.3
Platforms: Windows, Linux and more
Bugs: A] buffer-overflow
###
Luigi Auriemma
Application: Battle Carry
http://www.battlecarry.com
Versions: = .005
Platforms: Windows
Bug: socket termination
Exploitation: remote, versus server
in the retail game released in
October but also in the 1.01 patch released just 4 days ago.
The original advisory and proof-of-concept I released in the far December
2004 are available here:
http://aluigi.altervista.org/adv/lithsock-adv.txt
http://aluigi.altervista.org/poc/lithsock.zip
---
Luigi
###
Luigi Auriemma
Application: Virtools Web Player and probably also other applications
which can read the Virtools files but I can't test
http://www.virtools.com
###
Luigi Auriemma
Application: MultiTheftAuto
http://www.multitheftauto.com
Versions: = 0.5 patch 1
Platforms: Windows, Linux, FreeBSD and OpenBSD
Bugs: A] anyone can
###
Luigi Auriemma
Application: BFCommand Control Server Manager
http://www.bfcommandcontrol.org
Versions: BFCC = 1.22_A
BFVCC = 2.14_B
BFVCCDaemon
###
Luigi Auriemma
Application: Chris Moneymaker's World Poker Championship
http://moneymakergaming.com
Versions: 1.0
Platforms: Windows
Bug: buffer-overflow
###
Luigi Auriemma
Application: NetPanzer
http://netpanzer.berlios.de
Versions: = 0.8
Platforms: Windows, Linux and Mac
Bugs: endless loop
Exploitation: remote, versus
###
Luigi Auriemma
Application: Stronghold 2
http://www.stronghold2.com
Versions: = 1.2
Platforms: Windows
Bug: exception/crash
Exploitation: remote, versus server
###
Luigi Auriemma
Application: C'Nedra
http://www.cnedra.org
Versions: = 0.4.0
Platforms: Windows and Unix
Bug: buffer-overflow in READ_TCP_STRING
Exploitation
###
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.microsoft.com/games/pc/halo.aspx
Versions: = 1.06 and Custom Edition 1.00
Platforms: Windows
Bug
###
Luigi Auriemma
Application: Warrior Kings: Battles
http://www.warriorkingsbattles.com
Warrior Kings
http://www.empireinteractive.com/games
###
Luigi Auriemma
Application: Zoidcom
http://www.zoidcom.com
Versions: = 1.0 beta 4
Platforms: Windows and Linux
Bug: access to unallocated memory
Exploitation
###
Luigi Auriemma
Application: Gamespy cd-key validation system
http://www.gamespy.net
Games: The amount of games that use this system is really huge,
a small
###
Luigi Auriemma
Application: Gamespy cd-key validation system
http://www.gamespy.net
Games: The amount of games that use this system is really huge,
a small
###
Luigi Auriemma
Application: Mtp-Target
http://www.mtp-target.org
Versions: = 1.2.2
Platforms: Windows and Linux
Bugs: A] clients format string
B
###
Luigi Auriemma
Application: Yager
http://www.yager-game.de
Versions: = 5.24
Platforms: Windows
Bugs: A] nickname buffer-overflow
B] data block buffer
###
Luigi Auriemma
Application: Quake 3 engine
http://www.idsoftware.com
Vulnerables: - Call of Duty = 1.5
- Call of Duty: United
###
Luigi Auriemma
Applications: Call of Duty = 1.5b
Call of Duty: United Offensive = 1.51b
http://www.callofduty.com
Platforms: Windows only