Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote malicious users to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
id software quake ii server windows 3.20 |
||
id software quake ii server windows 3.21 |