Vulnerabilities > CVE-2004-2594 - Unspecified vulnerability in ID Software Quake II Server Windows 3.20/3.21
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
- http://secunia.com/advisories/13013
- http://secunia.com/advisories/13013
- http://secur1ty.net/advisories/001
- http://secur1ty.net/advisories/001
- http://securitytracker.com/id?1011979
- http://securitytracker.com/id?1011979
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
- http://www.osvdb.org/11183
- http://www.osvdb.org/11183
- http://www.securityfocus.com/bid/11551
- http://www.securityfocus.com/bid/11551
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17892