Raven · Star Trek Voyager: Elite Force · CVE-2006-2082
**Name of the Vulnerable Software and Affected Versions**
Quake 3 engine (affected versions not specified)
**Description**
The issue allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request when the `sv allowdownload` cvar is enabled. This affects products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.