CVSS: 9.3EPSS: 7%CPEs: 10EXPL: 0CVE-2010-4596
https://notcve.org/view.php?id=CVE-2010-4596
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. Desbordamiento de búfer basado en pila en RealNetworks Helix Server v12.x, v13.x, v14.x, y antes de v14.2, y Helix Mobile Server v12.x, v13.x, v14.x, y antes de v14.2, permite a atacantes remotos ejecutar código de su elección a través de una cadena larga en una petición RTSP. • http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=899 http://www.securityfocus.com/bid/47109 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 6%CPEs: 10EXPL: 0CVE-2010-4235 – RealNetworks Helix Server x-wap-profile Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4235
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. Vulnerabilidad de formato de cadena en RealNetworks Helix Server v12.x, v13.x, y v14.x antes de v14.2, y Helix Mobile Server v12.x, v13.x, y v14.x antes de 14.2, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionado con el encabezado HTTP x-wap-perfil. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is active by default on all Helix Server installations. • http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf http://www.securityfocus.com/bid/47110 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 97%CPEs: 13EXPL: 0CVE-2010-1317 – Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1317
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data. Desbordamiento de búfer basado en pila en la funcionalidad de autenticación en RealNetworks Helix Server y Helix Mobile Server v11.x, v12.x, y v13.x, permite a atacantes remotos tener un impacto inesperado a través de un dato base64-encodec inválido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Helix Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication provided by the administrative web interface and is only present if it is configured to use NTLM. The vulnerability can be triggered by specifying invalid Base64 string within the Authorization header. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 78%CPEs: 9EXPL: 0CVE-2010-1319
https://notcve.org/view.php?id=CVE-2010-1319
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length. Un desbordamiento de enteros en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite que los atacantes remotos ejecuten código arbitrario por medio de una petición con una longitud de una carga útil creada. • http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 94%CPEs: 9EXPL: 2CVE-2010-1318 – Multiple Vendor AgentX++ - Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1318
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. Un desbordamiento de búfer en la región stack de la memoria en la función AgentX::receive_agentx en AgentX++ versión 1.4.16, tal y como es usado en RealNetworks Helix Server y Helix Mobile Server versión 11.x hasta 13.x y otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. • https://www.exploit-db.com/exploits/12274 https://www.exploit-db.com/exploits/16452 http://secunia.com/advisories/39279 http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf http://www.securityfocus.com/bid/39490 http://www.vupen.com/english/advisories/2010/0889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •