8 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en RealNetworks Helix Server y Helix Mobile Server 14.x anteriores a v14.3.x, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que provocan una denegación de servicio consumo de pila y caída del demonio, a través de una URL manipulada. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74678 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. master.exe en SNMP Master Agent en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x permite a atacantes remotos provocar una denegación de servicio (excepción no contemplada y caída del demonio) a través de una petición Open_PDU que provoca un proceso Displaystring incorrecto, es diferente a CVE-2012-1923. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://secunia.com/secunia_research/2012-9 http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 0

Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. Desbordamiento de búfer en rn5auth.dll en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x permite a atacantes remotos ejecutar código a través de credenciales de autenticación manipuladas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the GetNameValuePair() function calls strcpy, there is an unbounded copy into a stack buffer, which can lead to stack memory corruption. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. master.exe en SNMP Master Agent en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x permite a atacantes remotos provocar una denegación de servicio (caída del demonio) estableciendo y cerrando una conexión con el puerto TCP 705, es una vulnerabilidad diferente a CVE-2012-1923. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://secunia.com/secunia_research/2012-9 http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74674 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •