4 results (0.006 seconds)

CVSS: 8.3EPSS: 97%CPEs: 13EXPL: 0

Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. Desbordamiento de búfer basado en pila en la funcionalidad de autenticación en RealNetworks Helix Server y Helix Mobile Server v11.x, v12.x, y v13.x, permite a atacantes remotos tener un impacto inesperado a través de un dato base64-encodec inválido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the administrative web interface and is only present if it is configured to use NTLM. The vulnerability can be triggered by specifying invalid Base64 string within the Authorization header. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 42%CPEs: 5EXPL: 0

Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. Desbordamiento de búfer basado en pila en los servicios RTSP en Helix DNA Server anterior a 11.1.4 permite a atacantes remotos ejecutar código de su elección a través de una comando RSTP contieniendo múltiples cabeceras Require. • http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt http://marc.info/?l=full-disclosure&m=118800391412961&w=2 http://secunia.com/advisories/26609 http://securityreason.com/securityalert/3069 http://www.securityfocus.com/bid/25440 http://www.securitytracker.com/id?1018605 http://www.vupen.com/english/advisories/2007/2986 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 90%CPEs: 6EXPL: 1

Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field. Desbordamiento de búfer basado en montículo en Helix DNA Server 11.0 y 11.1 tiene impacto y vectores de ataque desconocidos, como ha sido demostrado por cierto módulo de VulnDisco Pack. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos únicamente de información de terceros. Desde el 18/11/2006, esta revelación no tiene información accionable. Sin embargo, debido a que el autor de VulnDisco Pack es un investigador de confianza, a este asunto le ha sido asignado un identificador CVE con propósitos de seguimiento. • https://www.exploit-db.com/exploits/3531 http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf http://gleg.net/helix.txt http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html http://secunia.com/advisories/22944 http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml http://www.attrition.org/pipermail/vim/2007-March/001459.html http://www.attrition.org/pipermail/vim/2007-March/001468.html http://www.securityfocus.com/arch • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 23%CPEs: 2EXPL: 0

Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". Desbordamiento de búfer basado en memoria dinámica -heap- en RealNetworks Helix DNA Server v10.0 y v11.0 permite a atacantes remotos ejecutar código de su elección a través de (1)una cabecera larga HTTP User-Agent en el servicio RTSP y (2) vectores no especificados que incluyen "parsing of HTTP URL schemes". • http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html http://labs.musecurity.com/advisories/MU-200606-01.txt http://secunia.com/advisories/20784 http://securitytracker.com/id?1016365 http://www.osvdb.org/26799 http://www.securityfocus.com/bid/18606 http://www.vupen.com/english/advisories/2006/2521 https://exchange.xforce.ibmcloud.com/vulnerabilities/27316 https://exchange.xforce.ibmcloud.com/vulnerabilities/27317 •