Tenable6502.PRMRealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities
Such versions are potentially affected by multiple vulnerabilities.
-
Administrative and user credentials are insecurely stored in a flat file database. This file may be accessed by local users to disclose passwords stored in clear text. (CVE-2012-1923)
-
A buffer overflow exists in the code that parses authentication credentials. It may be possible for a remote attacker to exploit this issue and execute arbitrary code. (CVE-2012-0942)
-
Multiple unspecified cross-site scripting vulnerabilities. (CVE-2012-1984)
-
A specially crafted malfored URL can cause the server process to crash if opened by an administrator. (CVE-2012-1985)
-
Establishing and immediately closing a TCP connection on port 705 can cause the SNMP Master Agent to crash (CVE-2012-2267)
-
A specially crafted Open-PDU request sent to the SNMP Master Agent can cause it to crash due to an unhandled exception. (CVE-2012-2268)
Binary data 6502.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| realnetworks | helix_server | cpe:/a:realnetworks:helix_server |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2268
helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf
secunia.com/secunia_research/2012-8
secunia.com/secunia_research/2012-9
www.securityfocus.com/archive/1/522249/30/0/threaded
www.securityfocus.com/archive/1/522250/30/0/threaded
Related
