CVSS: 8.3EPSS: 97%CPEs: 13EXPL: 0CVE-2010-1317 – Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1317
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. Desbordamiento de búfer basado en pila en la funcionalidad de autenticación en RealNetworks Helix Server y Helix Mobile Server v11.x, v12.x, y v13.x, permite a atacantes remotos tener un impacto inesperado a través de un dato base64-encodec inválido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the administrative web interface and is only present if it is configured to use NTLM. The vulnerability can be triggered by specifying invalid Base64 string within the Authorization header. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 78%CPEs: 9EXPL: 0CVE-2010-1319
https://notcve.org/view.php?id=CVE-2010-1319
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. Un desbordamiento de enteros en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite que los atacantes remotos ejecuten código arbitrario por medio de una petición con una longitud de una carga útil creada. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 94%CPEs: 9EXPL: 2CVE-2010-1318 – Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1318
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. Un desbordamiento de búfer en la región stack de la memoria en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. • https://www.exploit-db.com/exploits/12274 https://www.exploit-db.com/exploits/16452 http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 88%CPEs: 4EXPL: 3CVE-2009-2533 – Real Helix DNA - 'RTSP' / 'SETUP' Request Handler
https://notcve.org/view.php?id=CVE-2009-2533
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. rmserver en RealNetworks Helix Server y Helix Mobile Server anteriores a v13.0.0 permite a atacantes remotos provocar una denegación de servicio (finaliza el demonio) mediante una petición RTSP SET_PARAMETER múltiple con las cabeceras "DataConvertBuffer" vacías. • https://www.exploit-db.com/exploits/9198 http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf http://osvdb.org/55981 http://www.coresecurity.com/content/real-helix-dna http://www.exploit-db.com/exploits/9198 http://www.securityfocus.com/archive/1/505083/100/0/threaded http://www.securityfocus.com/bid/35731 http://www.vupen.com/english/advisories/2009/1947 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 88%CPEs: 5EXPL: 3CVE-2009-2534 – Real Helix DNA - 'RTSP' / 'SETUP' Request Handler
https://notcve.org/view.php?id=CVE-2009-2534
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. RealNetworks Helix Server y Helix Mobile Server anterior a v13.0.0 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante una petición RTSP SETUP (1) especificando la URI / o (2) no poniendo los caracteres / en la URI. • https://www.exploit-db.com/exploits/9198 http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf http://osvdb.org/55982 http://www.coresecurity.com/content/real-helix-dna http://www.exploit-db.com/exploits/9198 http://www.securityfocus.com/archive/1/505083/100/0/threaded http://www.securityfocus.com/bid/35732 http://www.vupen.com/english/advisories/2009/1947 • CWE-20: Improper Input Validation •