3024 matches found
CVE-2003-0421
CVE-2003-0421 and CVE-2003-0502 affect Apple Darwin Streaming Server / QuickTime prior to the cited fixed versions by allowing remote denial of service via an MS-DOS device name (e.g., AUX) over HTTP on port 1220. Details in the sources show that exploiting names like AUX (and variants like ..AUX...
CVE-2003-0423
Apple QuickTime/Darwin Streaming Server’s parse_xml.cgi vulnerability (CVE-2003-0423) allows remote access to the source code of files via /parse_xml.cgi?filename=[file] for DS 4.1.3g and earlier. The issue is caused by Web root script disclosure, with no fix available at the time and Apple inves...
CVE-2003-0421
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502...
CVE-2003-0502
CVE-2003-0502 affects Apple QuickTime / Darwin Streaming Server up to version 4.1.3g. The vulnerability enables a remote denial-of-service (crash) when a crafted HTTP request to port 1220 contains a \..\ sequence followed by an MS-DOS device name (e.g., AUX). The condition is that the software is...
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. viewbroadcast.cgi...
[Full-Disclosure] R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Rapid7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXpose, the world's most advanced vulnerability scanner. Linux and Windows 2000/XP versions are available now! Rapid7 Advisory R7-0015 Multiple Vulnerabilities Apple...
Re: QuickTime/Darwin Streaming Server security issues
Greetings. I'm having trouble reproducing this vulnerability as well. See below: jdog@wonderland jdog$ cat /etc/redhat-release jdog's Super Tricked-out Red Hat Linux release 8.0 Psyche jdog@wonderland jdog$ echo -ne "OPTIONS RTSP/1.0nCseq: 1nn" | nc...
QuickTime/Darwin Streaming Server security issues
// @Security advisory: QuickTime/Darwin Streaming server security issues Release date: May 22, 2003 Name: QuickTime/Darwin Streaming server security issues Author: Sir Mordred [email protected] I. DESCRIPTION Darwin Streaming Server DSS is server technology which allows you to send streaming...
Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module - Integer Overflow
Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module - Integer Overflow source: https://www.securityfocus.com/bid/7659/info A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the...
Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module - Integer Overflow
source: https://www.securityfocus.com/bid/7659/info A vulnerability has been reported for Apple QuickTime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by specifying an extremely large value as an argumen...
CVE-2003-0168
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL...
QuickTime buffer overflow
Buffer overflow on processing quicktime:// URL...
iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
iDEFENSE Security Advisory 03.31.03: http://www.idefense.com/advisory/03.31.03.txt Buffer Overflow in Windows QuickTime Player March 31, 2003 I. BACKGROUND QuickTime Player is a popular media player for both the Microsoft Windows and Apple Mac...
QuickTime < 6.1 URL Handling Overflow (Windows)
The remote version of the QuickTime player is vulnerable to a buffer overflow. To exploit it, an attacker would need a user of this host to visit a rogue webpage with a malformed link in it. He could then be able to execute arbitrary code with the rights of the user visiting the page. C Tenable...
CVE-2003-0168
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL...
CVE-2003-0168
CVE-2003-0168 describes a buffer overflow in Apple QuickTime Player for Windows (versions 5.x and 6.0) triggered by processing overly long QuickTime URLs, allowing remote arbitrary code execution. The issue affects the Windows QuickTime Player, not the Mac versions. Vendor guidance: upgrade to Qu...
Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs
Overview Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. A flaw in the version for Windows could allow a remote attacker to execute arbitrary code on a...
CVE-2003-0054
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed usin...
CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message...
CVE-2003-0055
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename...