Page 3 of 16 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. • http://securityreason.com/securityalert/3260 http://www.securityfocus.com/archive/1/313517 http://www.securityfocus.com/bid/6992 https://exchange.xforce.ibmcloud.com/vulnerabilities/11445 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos realizar un listado arbitrario de directorios. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11403.php http://www.securityfocus.com/bid/6955 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos obtener la ruta de instalación del servidor mediante un parámetro file igual a NULL. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11402.php http://www.securityfocus.com/bid/6956 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en parse_xml.cgi de Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos la inserción de código arbitrario mediante el parámetro filename, insertado a través de un mensaje de error. • http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11404.php http://www.securityfocus.com/bid/6958 •

CVSS: 7.5EPSS: 65%CPEs: 2EXPL: 1

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. parse_xml.cgi en Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos la ejecución arbitraria de código mediante metacaracteres de shell. The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allow arbitrary commands to be executed as root. • https://www.exploit-db.com/exploits/16891 http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://marc.info/?l=bugtraq&m=104618904330226&w=2 http://www.iss.net/security_center/static/11401.php http://www.securityfocus.com/bid/6954 •