16 matches found
CVE-2003-1414
CVE-2003-1414 describes a directory traversal vulnerability in the parse_xml.cgi component of Apple Darwin Streaming Server 4.1.2 and Apple QuickTime Streaming Server 4.1.1. The issue allows remote attackers to read arbitrary files by manipulating the filename parameter. The vulnerability affects...
CVE-2003-0050
The CVE-2003-0050 issue affects Apple’s Darwin Streaming Administration Server (v4.1.2) and QuickTime Streaming Server (v4.1.1). It stems from parse_xml.cgi, where shell metacharacters injected by an attacker enable remote code execution. Multiple sources (NVD, CVE list, OpenVAS-style advisories)...
CVE-2003-0051
CVE-2003-0051 affects Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1, where parse_xml.cgi can reveal the server installation’s physical path via a NULL file parameter. The issue enables remote access to sensitive path information and is part of a set of re...
CVE-2003-0054
CVE-2003-0054 affects Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1. The issue enables remote code execution when an unauthenticated request to port 7070 includes a script argument to the RTSP DESCRIBE method; the script is written to a log file and execu...
CVE-2004-1087
Technical details about CVE-2004-1087 are not publicly available in the provided connected documents. The initial note describes a UI indicator issue on Mac OS X 10.3.6, but no specifics, fixes, or affected versions are given here. Monitor for updates.
CVE-2003-1413
The CVE-2003-1413 entry concerns Apple Darwin Streaming Server 4.1.1, where a path-based check in parse_xml.cgi leaks file existence information. By supplying a filename parameter containing ".." sequences, an attacker can trigger distinct error messages that allow remote deter...
CVE-2003-0053
CVE-2003-0053 describes an XSS vulnerability in parse_xml.cgi used by Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1. An attacker can supply a crafted filename parameter, which is reflected in an error message, allowing arbitrary script execution in the vi...
CVE-2004-1083
Apache on Apple Mac OS X 10.2.8 and 10.3.6 is affected by a vulnerability arising from case-sensitivity handling: Apache restricts file access in a case-sensitive way while the HFS+ filesystem on Mac is case-insensitive, allowing remote attackers to read .DS_Store and files starting with ".ht" vi...
CVE-2004-1085
The CVE-2004-1085 vulnerability affects Apple Mac OS X 10.3.6 HIToolBox. It allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. The provided documents do not include any exploit details or remediation steps. No broader impact ...
CVE-2004-1086
Technical details about CVE-2004-1086 are not publicly available in the provided connected documents; no specific affected product versions beyond Mac OS X 10.3.6 are disclosed. Monitor for updates.
CVE-2004-1123
CVE-2004-1123 affects Darwin Streaming Server 5.0.1 (and possibly earlier) where a DESCRIBE request containing a null-byte location may crash the server, causing a denial of service. The vulnerability is remote and unauthenticated, leading to a partial availability impact as noted in the CVSS vec...
CVE-2004-1081
The CVE-2004-1081 issue affects Apple Mac OS X AppKit in versions 10.2.8 and 10.3.6, where the secure text input field is not properly restricted. This allows local users to read keyboard input from other applications within the same window session, compromising confidentiality (described as PART...
CVE-2004-1088
The Postfix server in Apple Mac OS X 10.3.6 is vulnerable when using CRAM-MD5: remote attackers can send mail without authentication by replaying authentication information. The reported CVSSv2 base score is 7.5 (HIGH), with a network attack vector and low attack complexity. The provided documents do not specify...
CVE-2004-1084
The CVE-2004-1084 entry describes an Apache on Mac OS X vulnerability affecting versions 10.2.8 and 10.3.6 where remote attackers can read files and resource fork content via HTTP requests to specially named HFS+ data streams, bypassing Apache file handles. The root cause is related to how HFS+ d...
CVE-2003-0052
CVE-2003-0052 applies to Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1, where parse_xml.cgi allows remote attackers to list arbitrary directories due to unvalidated input. Public sources (@stake advisory, vendor notices) describe it as a directory-listin...
CVE-2004-1089
CVE-2004-1089 affects Apple Mac OS X 10.3.6 Server when using Kerberos authentication with Cyrus IMAP. The vulnerability, as described in the initial document, allows local users to access mailboxes of other users, indicating an information disclosure / mailbox access issue arising from the Cyrus...