Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Darwin Streaming Server  >> 4.1.3  Security Vulnerabilities
CVE-2004-1088
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVSS Score
7.5
EPSS Score
0.015
Published
2004-12-02
CVE-2004-1089
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-12-02
CVE-2004-0169
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
CVSS Score
5.0
EPSS Score
0.019
Published
2004-03-15
CVE-2003-0421
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
CVSS Score
10.0
EPSS Score
0.007
Published
2003-08-27
CVE-2003-0422
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-08-27
CVE-2003-0423
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-08-27
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-08-27
CVE-2003-0425
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
CVSS Score
5.0
EPSS Score
0.019
Published
2003-08-27
CVE-2003-0426
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-08-27
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-08-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved