Vulnerabilities
Vulnerable Software
Apple:  >> Darwin Streaming Server  Security Vulnerabilities
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVSS Score
7.5
EPSS Score
0.015
Published
2004-12-02
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-12-02
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
CVSS Score
5.0
EPSS Score
0.013
Published
2004-03-15
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
CVSS Score
4.3
EPSS Score
0.027
Published
2003-12-31
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
CVSS Score
10.0
EPSS Score
0.007
Published
2003-08-27
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-08-27
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-08-27
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-08-27
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
CVSS Score
5.0
EPSS Score
0.019
Published
2003-08-27


Contact Us

Shodan ® - All rights reserved