CVE-2005-0192
https://notcve.org/view.php?id=CVE-2005-0192
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename. • http://marc.info/?l=bugtraq&m=109707741022291&w=2 http://marc.info/?l=bugtraq&m=110616302008401&w=2 http://service.real.com/help/faq/security/040928_player/EN http://www.ngssoftware.com/advisories/real-03full.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18984 •
CVE-2005-0190
https://notcve.org/view.php?id=CVE-2005-0190
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. • http://marc.info/?l=bugtraq&m=109707741022291&w=2 http://marc.info/?l=bugtraq&m=110616160228843&w=2 http://secunia.com/advisories/12672 http://service.real.com/help/faq/security/040928_player/EN http://www.ngssoftware.com/advisories/real-02full.txt http://www.securityfocus.com/bid/11308 https://exchange.xforce.ibmcloud.com/vulnerabilities/17551 •
CVE-2004-0273
https://notcve.org/view.php?id=CVE-2004-0273
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. Vulnerabilidad de atravesamiento de directorios en RealOne Player, RealOne Player 2.0, y RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs. • http://marc.info/?l=bugtraq&m=107642978524321&w=2 http://service.real.com/help/faq/security/040123_player/EN http://www.kb.cert.org/vuls/id/514734 http://www.securityfocus.com/bid/9580 https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2004-0258
https://notcve.org/view.php?id=CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. Múltiples desbordamientos de búfer en RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, y RealPlayer Enterprise permiten a atacantes remotos ejecutar código de su elección mediante ficheros 1) .RP, (2) .RT, (3) .RAM, (4) .RPM o (5) .SMIL malformados. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html http://marc.info/?l=bugtraq&m=107608748813559&w=2 http://www.ciac.org/ciac/bulletins/o-075.shtml http://www.kb.cert.org/vuls/id/473814 http://www.nextgenss.com/advisories/realone.txt http://www.securityfocus.com/bid/9579 http://www.service.real.com/help/faq/security/040123_player/EN https://exchange.xforce.ibmcloud.com/vulnerabilities/15040 •
CVE-2002-0207 – RealPlayer 7.0/8.0 - Media File Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0207
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. Desbordamiento del búfer en la aplicación Real Networks RealPlayer 8.0 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario usando un valor de longitud de cabecera que excede la longitud actual de cabecera. • https://www.exploit-db.com/exploits/21207 http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html http://online.securityfocus.com/archive/1/252414 http://online.securityfocus.com/archive/1/252425 http://sentinelchicken.com/advisories/realplayer http://www.iss.net/security_center/static/7839.php http://www.securityfocus.com/bid/3809 •