3024 matches found
Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility
Overview Apple's QuickTime and Darwin Streaming Server DSS package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. Description Apple's QuickTime and Darwin Streaming Server is software which provides integrat...
CVE-2003-0871
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."...
CVE-2003-0871
CVE-2003-0871 concerns QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3. The description indicates an unknown vulnerability that could allow an attacker to gain unauthorized access to a system. Connected documents do not provide details beyond this, including verified affected components...
CVE-2003-0871
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."...
CVE-2003-0421
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service crash via an MS-DOS device name e.g. AUX in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502...
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service crash via a .. dot dot sequence followed by an MS-DOS device name e.g. AUX in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421...
CVE-2003-0423
parsexml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter...
CVE-2003-0425
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... triple dot in an HTTP request...
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space %20 or . %2e characters to an HTTP request for the script, e.g. viewbroadcast.cgi...
CVE-2003-0426
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator...
CVE-2003-0422
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service crash via a request to viewbroadcast.cgi that does not contain the required parameters...
CVE-2003-0425
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... triple dot in an HTTP request...
CVE-2003-0426
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator...
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service crash via a .. dot dot sequence followed by an MS-DOS device name e.g. AUX in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421...
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space %20 or . %2e characters to an HTTP request for the script, e.g. viewbroadcast.cgi...
CVE-2003-0422
CVE-2003-0422 affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f; a request to /view_broadcast.cgi without required parameters can cause a denial of service (server crash). Remediation: upgrade to 4.1.3f or later (per Rapid7 advisory) to fix this issue.
CVE-2003-0426
CVE-2003-0426 : In Apple QuickTime/Darwin Streaming Server, prior to 4.1.3f, the HTTP-based admin server presents a Setup Assistant on first install that allows a remote attacker to set the administrator password and gain privileges before the legitimate administrator. Affected: Darwin Streaming ...
CVE-2003-0425
Apple QuickTime/Darwin Streaming Server before 4.1.3f (Win32) is vulnerable to Web Root Traversal and Arbitrary File Disclosure via HTTP requests containing three dots to break out of the web root (e.g., /.../qtusers). The issue affects Darwin Streaming Server v4.1.3e and earlier (Win32). Fixed: ...
CVE-2003-0424
The CVE-2003-0424 entry affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f. The vulnerability allows an attacker to disclose script source code by appending encoded characters (%20 space or %2e dot) to an HTTP request for a script (e.g., /view_broadcast.cgi). The issue is a Script So...
CVE-2003-0421
CVE-2003-0421 and CVE-2003-0502 affect Apple Darwin Streaming Server / QuickTime prior to the cited fixed versions by allowing remote denial of service via an MS-DOS device name (e.g., AUX) over HTTP on port 1220. Details in the sources show that exploiting names like AUX (and variants like ..AUX...