Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Darwin Streaming Server  >> 4.1.2  Security Vulnerabilities
CVE-2007-0748
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
CVSS Score
10.0
EPSS Score
0.197
Published
2007-05-13
CVE-2007-0749
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
CVSS Score
10.0
EPSS Score
0.197
Published
2007-05-13
CVE-2005-2195
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-07-18
CVE-2003-1413
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
CVE-2003-1414
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
CVSS Score
4.3
EPSS Score
0.027
Published
2003-12-31
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-08-27
CVE-2003-0050
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVSS Score
7.5
EPSS Score
0.878
Published
2003-03-07
CVE-2003-0051
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2003-03-07
CVE-2003-0052
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
CVSS Score
5.0
EPSS Score
0.004
Published
2003-03-07
CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
CVSS Score
4.3
EPSS Score
0.004
Published
2003-03-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved