Darwin Streaming Server@4.1.2 Security Vulnerabilities and Issues — Darwin Streaming Server@4.1.2 CVE List

Lucene search

AppleDarwin Streaming Server4.1.2

9 matches found

CVE•added 2007/10/20 10:0 a.m.•55 views

CVE-2003-1414

Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.

4.3CVSS6.3AI score0.02664EPSS

CVE•added 2007/05/13 10:19 p.m.•53 views

CVE-2007-0748

Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.

10CVSS7.8AI score0.19686EPSS

CVE•added 2004/09/01 4:0 a.m.•52 views

CVE-2003-0054

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using ...

7.5CVSS6.7AI score0.00874EPSS

CVE•added 2007/05/13 10:19 p.m.•52 views

CVE-2007-0749

Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

10CVSS7.5AI score0.19686EPSS

CVE•added 2004/09/01 4:0 a.m.•50 views

CVE-2003-0050

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

7.5CVSS7.3AI score0.87791EPSS

CVE•added 2004/09/01 4:0 a.m.•49 views

CVE-2003-0051

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.

5CVSS5.8AI score0.00492EPSS

CVE•added 2004/09/01 4:0 a.m.•47 views

CVE-2003-0053

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

4.3CVSS5.5AI score0.00392EPSS

CVE•added 2007/10/20 10:0 a.m.•46 views

CVE-2003-1413

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

4.3CVSS6.7AI score0.00267EPSS

CVE•added 2004/09/01 4:0 a.m.•39 views

CVE-2003-0052

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.

5CVSS6.3AI score0.0076EPSS