Описание
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
Ссылки
- PatchVendor Advisory
- US Government Resource
- PatchVendor Advisory
- PatchVendor Advisory
- US Government Resource
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00315
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
EPSS
Процентиль: 54%
0.00315
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-22