RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-07-06
Updated
2013-07-08
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.24%
Published
2012-04-17
Updated
2017-12-29
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.
Max CVSS
2.1
EPSS Score
95.99%
Published
2012-04-17
Updated
2017-12-29
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
Max CVSS
4.3
EPSS Score
0.70%
Published
2012-03-28
Updated
2012-08-25
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.
Max CVSS
4.3
EPSS Score
0.34%
Published
2011-08-18
Updated
2011-10-06
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
Max CVSS
4.3
EPSS Score
0.11%
Published
2011-10-04
Updated
2012-05-14
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
Max CVSS
4.3
EPSS Score
1.58%
Published
2010-12-14
Updated
2011-01-19
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Max CVSS
4.3
EPSS Score
4.85%
Published
2010-12-14
Updated
2011-01-19
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
Max CVSS
4.3
EPSS Score
2.60%
Published
2007-09-17
Updated
2018-10-15
Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.
Max CVSS
2.6
EPSS Score
0.72%
Published
2005-05-02
Updated
2017-07-11
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
Max CVSS
2.6
EPSS Score
0.26%
Published
2004-10-06
Updated
2017-12-12
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
Max CVSS
2.6
EPSS Score
0.36%
Published
2004-09-29
Updated
2017-11-16
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
Max CVSS
1.7
EPSS Score
0.09%
Published
2002-08-12
Updated
2008-09-05
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
Max CVSS
2.6
EPSS Score
0.51%
Published
2000-04-03
Updated
2008-09-05
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.08%
Published
1999-04-14
Updated
2016-10-18
RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.09%
Published
1998-12-10
Updated
2017-12-19
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!