CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0502
https://notcve.org/view.php?id=CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. Apple QuickTime / Darwin Streaming Server anteriores a 4.1.3g permite a atacantes remotos causar una denegación de servicio (caída) mediante un secuencia .. (punto punto) seguida por un nombre de dispositivo MS-DOS (por ejemplo AUX) en una petición puerto HTTP al puerto 1220; es una vulnerabilidad distinta a CAN-2003-O421. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html http://www.rapid7.com/advisories/R7-0015.html •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0052
https://notcve.org/view.php?id=CVE-2003-0052
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos realizar un listado arbitrario de directorios. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11403.php http://www.securityfocus.com/bid/6955 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0051
https://notcve.org/view.php?id=CVE-2003-0051
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos obtener la ruta de instalación del servidor mediante un parámetro file igual a NULL. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11402.php http://www.securityfocus.com/bid/6956 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0053
https://notcve.org/view.php?id=CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en parse_xml.cgi de Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos la inserción de código arbitrario mediante el parámetro filename, insertado a través de un mensaje de error. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11404.php http://www.securityfocus.com/bid/6958 •
CVSS: 7.5EPSS: 65%CPEs: 2EXPL: 1CVE-2003-0050 – QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution
https://notcve.org/view.php?id=CVE-2003-0050
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos la ejecución arbitraria de código mediante metacaracteres de shell. The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allow arbitrary commands to be executed as root. • https://www.exploit-db.com/exploits/16891 http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11401.php http://www.securityfocus.com/bid/6954 •