CVSS: 2.1EPSS: 96%CPEs: 6EXPL: 0CVE-2012-1923
https://notcve.org/view.php?id=CVE-2012-1923
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x almacena las contraseñas en texto plano lo que permite a los usuarios locales a obtener información sensible leyendo la base de datos. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0062.html http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://secunia.com/secunia_research/2012-8 http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74673 • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 7%CPEs: 10EXPL: 0CVE-2010-4596
https://notcve.org/view.php?id=CVE-2010-4596
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. Desbordamiento de búfer basado en pila en RealNetworks Helix Server v12.x, v13.x, v14.x, y antes de v14.2, y Helix Mobile Server v12.x, v13.x, v14.x, y antes de v14.2, permite a atacantes remotos ejecutar código de su elección a través de una cadena larga en una petición RTSP. • http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=899 http://www.securityfocus.com/bid/47109 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 6%CPEs: 10EXPL: 0CVE-2010-4235 – RealNetworks Helix Server x-wap-profile Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4235
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. Vulnerabilidad de formato de cadena en RealNetworks Helix Server v12.x, v13.x, y v14.x antes de v14.2, y Helix Mobile Server v12.x, v13.x, y v14.x antes de 14.2, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionado con el encabezado HTTP x-wap-perfil. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is active by default on all Helix Server installations. • http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf http://www.securityfocus.com/bid/47110 • CWE-134: Use of Externally-Controlled Format String •