Search criteria
12 vulnerabilities found for helix_dna_server by realnetworks
FKIE_CVE-2010-1317
Vulnerability from fkie_nvd - Published: 2010-04-20 15:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_dna_server | 11.0 | |
| realnetworks | helix_dna_server | 11.1 | |
| realnetworks | helix_dna_server | 11.1.2 | |
| realnetworks | helix_dna_server | 11.1.3 | |
| realnetworks | helix_dna_server | 12.0 | |
| realnetworks | helix_dna_server | 13.0 | |
| realnetworks | helix_server | 11.0 | |
| realnetworks | helix_server | 11.1 | |
| realnetworks | helix_server | 12.0.0 | |
| realnetworks | helix_server | 13.0.0 | |
| realnetworks | helix_server_mobile | 11.0 | |
| realnetworks | helix_server_mobile | 12.0.0 | |
| realnetworks | helix_server_mobile | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA85105-4EEB-408B-8F49-DB53CFA74B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C146CADF-9F82-41F6-9351-A5A9E283F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29AEFF-C8B6-4142-8B55-1670843B5B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92FDC239-FB0D-4DB7-AA2E-D97CC702FDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D908992-FB57-4179-80EC-24834D96EF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BAAA23-D267-45C2-8989-AD9DE4854217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A30A2490-21FC-4C0D-80A3-B89E6F58E93A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2954F6FF-357E-4E76-B135-DECDED4241B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0890EDD4-63FF-43EC-9EC4-852B34E00F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAFCD3-1B0A-47D3-9A52-F239A2DD5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F01F2C-036C-4B6E-B66D-F0870801D397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB773CC-C81C-424A-9493-4CAD2E0E8262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server_mobile:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8EAA7F-6191-4B5B-AE3C-335C6D5897E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funcionalidad de autenticaci\u00f3n en RealNetworks Helix Server y Helix Mobile Server v11.x, v12.x, y v13.x, permite a atacantes remotos tener un impacto inesperado a trav\u00e9s de un dato base64-encodec inv\u00e1lido. \r\n"
}
],
"id": "CVE-2010-1317",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-20T15:30:00.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39279"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4561
Vulnerability from fkie_nvd - Published: 2007-08-28 01:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_dna_server | 10.0 | |
| realnetworks | helix_dna_server | 11.0 | |
| realnetworks | helix_dna_server | 11.1 | |
| realnetworks | helix_dna_server | 11.1.2 | |
| realnetworks | helix_dna_server | 11.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF76B16-1FFB-49BF-A4B6-F4A5330C4C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA85105-4EEB-408B-8F49-DB53CFA74B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C146CADF-9F82-41F6-9351-A5A9E283F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29AEFF-C8B6-4142-8B55-1670843B5B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92FDC239-FB0D-4DB7-AA2E-D97CC702FDFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en los servicios RTSP en Helix DNA Server anterior a 11.1.4 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una comando RSTP contieniendo m\u00faltiples cabeceras Require."
}
],
"id": "CVE-2007-4561",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-28T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26609"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3069"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018605"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6026
Vulnerability from fkie_nvd - Published: 2006-11-21 23:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_dna_server | 11.0 | |
| realnetworks | helix_dna_server | 11.1 | |
| realnetworks | helix_mobile_server | * | |
| realnetworks | helix_server | * | |
| realnetworks | helix_server | 11.0 | |
| realnetworks | helix_server | 11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA85105-4EEB-408B-8F49-DB53CFA74B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C146CADF-9F82-41F6-9351-A5A9E283F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_mobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0A7EC3-519D-45A1-95F2-3727455EE3FB",
"versionEndIncluding": "11.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EADADE3-235F-4BBC-99AD-F72908E1EADF",
"versionEndIncluding": "11.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A30A2490-21FC-4C0D-80A3-B89E6F58E93A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2954F6FF-357E-4E76-B135-DECDED4241B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Helix DNA Server 11.0 y 11.1 tiene impacto y vectores de ataque desconocidos, como ha sido demostrado por cierto m\u00f3dulo de VulnDisco Pack. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos \u00fanicamente de informaci\u00f3n de terceros. Desde el 18/11/2006, esta revelaci\u00f3n no tiene informaci\u00f3n accionable. Sin embargo, debido a que el autor de VulnDisco Pack es un investigador de confianza, a este asunto le ha sido asignado un identificador CVE con prop\u00f3sitos de seguimiento."
}
],
"id": "CVE-2006-6026",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-21T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://gleg.net/helix.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22944"
},
{
"source": "cve@mitre.org",
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21141"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23068"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gleg.net/helix.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3531"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3276
Vulnerability from fkie_nvd - Published: 2006-06-28 22:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_dna_server | 10.0 | |
| realnetworks | helix_dna_server | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF76B16-1FFB-49BF-A4B6-F4A5330C4C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_dna_server:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA85105-4EEB-408B-8F49-DB53CFA74B54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica -heap- en RealNetworks Helix DNA Server v10.0 y v11.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1)una cabecera larga HTTP User-Agent en el servicio RTSP y (2) vectores no especificados que incluyen \"parsing of HTTP URL schemes\"."
}
],
"evaluatorSolution": "Upgrade to Helix DNA Server version 11.1 :\r\nhttps://helix-server.helixcommunity.org/2005/devdocs/builds",
"id": "CVE-2006-3276",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-28T22:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"source": "cve@mitre.org",
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20784"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016365"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26799"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18606"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-1317 (GCVE-0-2010-1317)
Vulnerability from cvelistv5 – Published: 2010-04-20 15:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource": "CONFIRM",
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1317",
"datePublished": "2010-04-20T15:00:00Z",
"dateReserved": "2010-04-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:44.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4561 (GCVE-0-2007-4561)
Vulnerability from cvelistv5 – Published: 2007-08-28 01:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"name": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4561",
"datePublished": "2007-08-28T01:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6026 (GCVE-0-2006-6026)
Vulnerability from cvelistv5 – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gleg.net/helix.txt",
"refsource": "MISC",
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"name": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml",
"refsource": "MISC",
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"name": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf",
"refsource": "CONFIRM",
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6026",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3276 (GCVE-0-2006-3276)
Vulnerability from cvelistv5 – Published: 2006-06-28 22:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:20.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "helix-dna-rtsp-bo(27316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "helix-dna-rtsp-bo(27316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "helix-dna-rtsp-bo(27316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20784"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200606-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3276",
"datePublished": "2006-06-28T22:00:00",
"dateReserved": "2006-06-28T00:00:00",
"dateUpdated": "2024-08-07T18:23:20.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1317 (GCVE-0-2010-1317)
Vulnerability from nvd – Published: 2010-04-20 15:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource": "CONFIRM",
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1317",
"datePublished": "2010-04-20T15:00:00Z",
"dateReserved": "2010-04-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:44.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4561 (GCVE-0-2007-4561)
Vulnerability from nvd – Published: 2007-08-28 01:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25440"
},
{
"name": "20070824 [MU-200708-01] Helix DNA Server Heap Corruption",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=118800391412961\u0026w=2"
},
{
"name": "ADV-2007-2986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2986"
},
{
"name": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt"
},
{
"name": "26609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26609"
},
{
"name": "1018605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018605"
},
{
"name": "3069",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4561",
"datePublished": "2007-08-28T01:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6026 (GCVE-0-2006-6026)
Vulnerability from nvd – Published: 2006-11-21 23:00 – Updated: 2024-08-07 20:12
VLAI?
Summary
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:31.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gleg.net/helix.txt",
"refsource": "MISC",
"url": "http://gleg.net/helix.txt"
},
{
"name": "3531",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3531"
},
{
"name": "[Server-cvs] 20070131 protocol/rtsp rtspprot.cpp,1.80,1.81",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html"
},
{
"name": "20070320 Helix Server heap overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463333/100/0/threaded"
},
{
"name": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml",
"refsource": "MISC",
"url": "http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml"
},
{
"name": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf",
"refsource": "CONFIRM",
"url": "http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf"
},
{
"name": "23068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23068"
},
{
"name": "21141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21141"
},
{
"name": "22944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22944"
},
{
"name": "ADV-2007-1056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1056"
},
{
"name": "20070323 Helix Server LoadTestPassword Overflow",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001459.html"
},
{
"name": "20070324 Helix Server LoadTestPassword Overflow",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001468.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6026",
"datePublished": "2006-11-21T23:00:00",
"dateReserved": "2006-11-21T00:00:00",
"dateUpdated": "2024-08-07T20:12:31.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3276 (GCVE-0-2006-3276)
Vulnerability from nvd – Published: 2006-06-28 22:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:20.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "helix-dna-rtsp-bo(27316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "helix-dna-rtsp-bo(27316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the \"parsing of HTTP URL schemes\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "helix-dna-rtsp-bo(27316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27316"
},
{
"name": "18606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18606"
},
{
"name": "1016365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016365"
},
{
"name": "ADV-2006-2521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2521"
},
{
"name": "20060622 [MU-200606-01] Real Helix RTSP Server Heap Corruption Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0600.html"
},
{
"name": "helix-dna-url-bo(27317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27317"
},
{
"name": "26799",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26799"
},
{
"name": "20784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20784"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200606-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200606-01.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3276",
"datePublished": "2006-06-28T22:00:00",
"dateReserved": "2006-06-28T00:00:00",
"dateUpdated": "2024-08-07T18:23:20.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}