NuytsTech Security

CVE-2004-2594

by ·

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as demonstrated by "download /server.cfg".

Date published : 2005-11-28

http://www.securityfocus.com/bid/11551

http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html

Tags: