CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 0CVE-2012-0942 – RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0942
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. Desbordamiento de búfer en rn5auth.dll en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x permite a atacantes remotos ejecutar código a través de credenciales de autenticación manipuladas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Real Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within rn4auth.dll, which is responsible for parsing authentication credentials. When the GetNameValuePair() function calls strcpy, there is an unbounded copy into a stack buffer, which can lead to stack memory corruption. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2267
https://notcve.org/view.php?id=CVE-2012-2267
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. master.exe en SNMP Master Agent en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x permite a atacantes remotos provocar una denegación de servicio (caída del demonio) estableciendo y cerrando una conexión con el puerto TCP 705, es una vulnerabilidad diferente a CVE-2012-1923. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://secunia.com/secunia_research/2012-9 http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74674 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1984
https://notcve.org/view.php?id=CVE-2012-1984
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 96%CPEs: 6EXPL: 0CVE-2012-1923
https://notcve.org/view.php?id=CVE-2012-1923
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. RealNetworks Helix Server y Helix Mobile Server v14.x anteriores a v14.3.x almacena las contraseñas en texto plano lo que permite a los usuarios locales a obtener información sensible leyendo la base de datos. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0062.html http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf http://secunia.com/secunia_research/2012-8 http://www.securityfocus.com/bid/52929 http://www.securitytracker.com/id?1026898 https://exchange.xforce.ibmcloud.com/vulnerabilities/74673 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2CVE-2012-1904 – RealPlayer - '.mp4' file handling memory Corruption
https://notcve.org/view.php?id=CVE-2012-1904
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. mp4fformat.dll en el complemento QuickTime File Format de RealNetworks RealPlayer v15 y anteriores, y RealPlayer SP v1.1.4 Build 12.0.0.756 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) a través de un archivo MP4 modificado. • https://www.exploit-db.com/exploits/18661 http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html http://secunia.com/advisories/49193 http://www.securitytracker.com/id?1027076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •