CVE-2006-6026 – Helix Server 11.0.1 (Windows 2000 SP4) - Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2006-6026
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field. Desbordamiento de búfer basado en montículo en Helix DNA Server 11.0 y 11.1 tiene impacto y vectores de ataque desconocidos, como ha sido demostrado por cierto módulo de VulnDisco Pack. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos únicamente de información de terceros. Desde el 18/11/2006, esta revelación no tiene información accionable. Sin embargo, debido a que el autor de VulnDisco Pack es un investigador de confianza, a este asunto le ha sido asignado un identificador CVE con propósitos de seguimiento. • https://www.exploit-db.com/exploits/3531 http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf http://gleg.net/helix.txt http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html http://secunia.com/advisories/22944 http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml http://www.attrition.org/pipermail/vim/2007-March/001459.html http://www.attrition.org/pipermail/vim/2007-March/001468.html http://www.securityfocus.com/arch • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3276
https://notcve.org/view.php?id=CVE-2006-3276
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". Desbordamiento de búfer basado en memoria dinámica -heap- en RealNetworks Helix DNA Server v10.0 y v11.0 permite a atacantes remotos ejecutar código de su elección a través de (1)una cabecera larga HTTP User-Agent en el servicio RTSP y (2) vectores no especificados que incluyen "parsing of HTTP URL schemes". • http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html http://labs.musecurity.com/advisories/MU-200606-01.txt http://secunia.com/advisories/20784 http://securitytracker.com/id?1016365 http://www.osvdb.org/26799 http://www.securityfocus.com/bid/18606 http://www.vupen.com/english/advisories/2006/2521 https://exchange.xforce.ibmcloud.com/vulnerabilities/27316 https://exchange.xforce.ibmcloud.com/vulnerabilities/27317 •
CVE-2004-0774
https://notcve.org/view.php?id=CVE-2004-0774
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1. RealNetworks Helix Universal Server 9.0.2 para Linux y 9.0.3 for Windows permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU) mediante peticiones POST con una cabecera Content-Length puesta a -1. • http://www.idefense.com/application/poi/display?id=151&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/17648 •
CVE-2004-0389 – Real Networks Helix Universal Server 9.0.x - Denial of Service
https://notcve.org/view.php?id=CVE-2004-0389
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. • https://www.exploit-db.com/exploits/24010 http://secunia.com/advisories/11395 http://www.idefense.com/application/poi/display?id=102&type=vulnerabilities http://www.securityfocus.com/bid/10157 https://exchange.xforce.ibmcloud.com/vulnerabilities/15880 • CWE-476: NULL Pointer Dereference •
CVE-2004-0049
https://notcve.org/view.php?id=CVE-2004-0049
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port. Helix Universal Server/Proxy 9 y Mobile Server 10 permite a atacantes remotos causar una denegación de servicio mediante ciertos mensajes HTTP POST al puerto de Administración del Sistema. • http://seclists.org/lists/vulnwatch/2004/Jan-Mar/0057.html http://service.real.com/help/faq/security/040112_dos http://service.real.com/help/faq/security/security022604.html http://www.securityfocus.com/archive/1/357834 http://www.securityfocus.com/bid/9421 •