ID CVE-2005-0192Type cveReporter NVDModified 2017-12-12T12:17:54
Description
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
{"id": "CVE-2005-0192", "bulletinFamily": "NVD", "title": "CVE-2005-0192", "description": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.", "published": "2004-10-06T00:00:00", "modified": "2017-12-12T12:17:54", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0192", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18984", "http://marc.info/?l=bugtraq&m=109707741022291&w=2", "http://marc.info/?l=bugtraq&m=110616302008401&w=2", "http://service.real.com/help/faq/security/040928_player/EN/", "http://www.ngssoftware.com/advisories/real-03full.txt"], "cvelist": ["CVE-2005-0192"], "type": "cve", "lastseen": "2017-12-13T12:02:16", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:realnetworks:realplayer:10.0:::english", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta", "cpe:/a:realnetworks:realplayer:10.0:::japanese", "cpe:/a:realnetworks:realplayer:10.0::german", "cpe:/a:realnetworks:realplayer:10.0_beta", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0_6.0.12.690", "cpe:/a:realnetworks:realone_player:1.0"], "cvelist": ["CVE-2005-0192"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.", "edition": 3, "enchantments": {}, "hash": "c87b52f962418e1230c18a4e6b5e0b3023b85745b26c38084fd02ab35a9cf5b8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f65e34a3da9db7eaaf4e5e4dc158bfe4", "key": "cpe"}, {"hash": "6cef4c2b4938ed9e4e4b99bc94233850", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "6fba46f01334e16226c92ab72fb335cf", "key": "modified"}, {"hash": "80479dcd2ba08cf569ab2aa9c3edc741", "key": "description"}, {"hash": "1b5ae55715e43668b8232ed75e66280e", "key": "references"}, {"hash": "b1b883cc81b9e692ad8257b57f50dd7e", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af7b2b7af7868166885e8ce0e54569f5", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8de3871240330c4e444b760c9cf2fd6b", "key": "href"}, {"hash": "34879b9a630574f41fef30400738e2cf", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0192", "id": "CVE-2005-0192", "lastseen": "2017-07-11T11:14:46", "modified": "2017-07-10T21:32:08", "objectVersion": "1.3", "published": "2004-10-06T00:00:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18984", "http://marc.info/?l=bugtraq&m=109707741022291&w=2", "http://marc.info/?l=bugtraq&m=110616302008401&w=2", "http://service.real.com/help/faq/security/040928_player/EN/", "http://www.ngssoftware.com/advisories/real-03full.txt"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0192", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cpe"], "edition": 3, "lastseen": "2017-07-11T11:14:46"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:realnetworks:realplayer:10.0:::english", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta", "cpe:/a:realnetworks:realplayer:10.0:::japanese", "cpe:/a:realnetworks:realplayer:10.0::german", "cpe:/a:realnetworks:realplayer:10.0_beta", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0_6.0.12.690", "cpe:/a:realnetworks:realone_player:1.0"], "cvelist": ["CVE-2005-0192"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.", "edition": 2, "enchantments": {}, "hash": "02474d62d800645268d3b17a001a805210c3b22fed16c203206f47056417d03f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "bd625bc8c1501004b218a1170280e268", "key": "modified"}, {"hash": "f65e34a3da9db7eaaf4e5e4dc158bfe4", "key": "cpe"}, {"hash": "6cef4c2b4938ed9e4e4b99bc94233850", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "80479dcd2ba08cf569ab2aa9c3edc741", "key": "description"}, {"hash": "b1b883cc81b9e692ad8257b57f50dd7e", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af7b2b7af7868166885e8ce0e54569f5", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8de3871240330c4e444b760c9cf2fd6b", "key": "href"}, {"hash": "34879b9a630574f41fef30400738e2cf", "key": "cvelist"}, {"hash": "6459b70942da0ea80e44bc03036d064d", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0192", "id": "CVE-2005-0192", "lastseen": "2017-04-18T15:50:51", "modified": "2016-10-17T23:08:24", "objectVersion": "1.2", "published": "2004-10-06T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/18984", "http://marc.info/?l=bugtraq&m=109707741022291&w=2", "http://marc.info/?l=bugtraq&m=110616302008401&w=2", "http://service.real.com/help/faq/security/040928_player/EN/", "http://www.ngssoftware.com/advisories/real-03full.txt"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0192", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:51"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:realnetworks:realplayer:10.0:::english", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta", "cpe:/a:realnetworks:realplayer:10.0:::japanese", "cpe:/a:realnetworks:realplayer:10.0::german", "cpe:/a:realnetworks:realplayer:10.0_beta", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0_6.0.12.690", "cpe:/a:realnetworks:realone_player:1.0"], "cvelist": ["CVE-2005-0192"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.", "edition": 1, "hash": "2a338f96ed8ec51f1b5695a69b9f241079e7c7f583b4e1af81950a3518fcb26d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f65e34a3da9db7eaaf4e5e4dc158bfe4", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6cef4c2b4938ed9e4e4b99bc94233850", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "02d922c943d3d313f30440b6dd4dc444", "key": "references"}, {"hash": "80479dcd2ba08cf569ab2aa9c3edc741", "key": "description"}, {"hash": "b1b883cc81b9e692ad8257b57f50dd7e", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "0b8c420c569d088ab42bd926ad7a900b", "key": "modified"}, {"hash": "af7b2b7af7868166885e8ce0e54569f5", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8de3871240330c4e444b760c9cf2fd6b", "key": "href"}, {"hash": "34879b9a630574f41fef30400738e2cf", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0192", "id": "CVE-2005-0192", "lastseen": "2016-09-03T05:04:20", "modified": "2011-03-07T21:19:38", "objectVersion": "1.2", "published": "2004-10-06T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/18984", "http://service.real.com/help/faq/security/040928_player/EN/", "http://www.ngssoftware.com/advisories/real-03full.txt", "http://marc.theaimsgroup.com/?l=bugtraq&m=110616302008401&w=2", "http://marc.theaimsgroup.com/?l=bugtraq&m=109707741022291&w=2"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0192", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:04:20"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:realnetworks:realplayer:10.0:::ja", "cpe:/a:realnetworks:realplayer:10.0:beta", "cpe:/a:realnetworks:realplayer:10.0:::en", "cpe:/a:realnetworks:realplayer:10.5:6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5beta_6.0.12.1016", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0:::de", "cpe:/a:realnetworks:realplayer:10.0:6.0.12.690", "cpe:/a:realnetworks:realone_player:1.0"], "cvelist": ["CVE-2005-0192"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.", "edition": 4, "enchantments": {"score": {"modified": "2017-11-25T11:33:16", "value": 2.6}}, "hash": "100b364dad02ace1bebaf6189b157a2117f3c43c9ed3c5bde4ac3f4023be8cfe", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6cef4c2b4938ed9e4e4b99bc94233850", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "80479dcd2ba08cf569ab2aa9c3edc741", "key": "description"}, {"hash": "4ac507e7856304500dfa3e31c6d295c6", "key": "cpe"}, {"hash": "1b5ae55715e43668b8232ed75e66280e", "key": "references"}, {"hash": "b1b883cc81b9e692ad8257b57f50dd7e", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "cf898d97f98dc0c666596d70e6800c76", "key": "modified"}, {"hash": "af7b2b7af7868166885e8ce0e54569f5", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8de3871240330c4e444b760c9cf2fd6b", "key": "href"}, {"hash": "34879b9a630574f41fef30400738e2cf", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0192", "id": "CVE-2005-0192", "lastseen": "2017-11-25T11:33:16", "modified": "2017-11-22T09:05:34", "objectVersion": "1.3", "published": "2004-10-06T00:00:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/18984", "http://marc.info/?l=bugtraq&m=109707741022291&w=2", "http://marc.info/?l=bugtraq&m=110616302008401&w=2", "http://service.real.com/help/faq/security/040928_player/EN/", "http://www.ngssoftware.com/advisories/real-03full.txt"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0192", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cpe"], "edition": 4, "lastseen": "2017-11-25T11:33:16"}], "edition": 5, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "de61892c03f0a36e72bb9bd35e43520f"}, {"key": "cvelist", "hash": "34879b9a630574f41fef30400738e2cf"}, {"key": "cvss", "hash": "6cef4c2b4938ed9e4e4b99bc94233850"}, {"key": "description", "hash": "80479dcd2ba08cf569ab2aa9c3edc741"}, {"key": "href", "hash": "8de3871240330c4e444b760c9cf2fd6b"}, {"key": "modified", "hash": "0e6eb698114ad2d92e3328f48113ab06"}, {"key": "published", "hash": "b1b883cc81b9e692ad8257b57f50dd7e"}, {"key": "references", "hash": "1b5ae55715e43668b8232ed75e66280e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "af7b2b7af7868166885e8ce0e54569f5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "2799262588a97226adda584c77c0219780175cb0b096c654884f8deafda93cad", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:realnetworks:realplayer:10.0:::ja", "cpe:/a:realnetworks:realplayer:10.0:beta", "cpe:/a:realnetworks:realplayer:10.0:::en", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0:::de", "cpe:/a:realnetworks:realone_player:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:13938", "type": "osvdb", "title": "RealPlayer RJS Skin File Directory Traversal", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://service.real.com/help/faq/security/040928_player/EN/)\nOther Advisory URL: http://www.ngssoftware.com/advisories/real-03full.txt\nISS X-Force ID: 18984\n[CVE-2005-0192](https://vulners.com/cve/CVE-2005-0192)\nBugtraq ID: 12315\n", "published": "2005-01-19T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:13938", "cvelist": ["CVE-2005-0192"], "lastseen": "2017-04-28T13:20:09"}], "nessus": [{"id": "REALPLAYER_UNDISCLOSED_VULNS.NASL", "type": "nessus", "title": "RealPlayer Multiple Remote Vulnerabilities (2004-09-28)", "description": "According to its build number, the installed version of RealPlayer / RealOne Player for Windows may allow an attacker to execute arbitrary code and delete arbitrary files on the remote host.", "published": "2004-10-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15395", "cvelist": ["CVE-2004-1481", "CVE-2005-0189", "CVE-2005-0192", "CVE-2005-0190"], "lastseen": "2017-10-29T13:42:51"}]}}
