CVE-2007-0748
https://notcve.org/view.php?id=CVE-2007-0748
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. Desbordamiento de búfer basado en montículo en Apple Darwin Streaming Proxy, cuando utiliza Darwin Streaming Server versiones anteriores a 5.5.5, permite a atacantes remotos ejecutar código de su elección mediante múltiples valores trackID en una petición SETUP RTSP. • http://docs.info.apple.com/article.html?artnum=305495 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html http://osvdb.org/35975 http://secunia.com/advisories/25193 http://www.securityfocus.com/bid/23918 http://www.securitytracker.com/id?1018047 http://www.vupen.com/english/advisories/2007/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/34225 •
CVE-2007-0749
https://notcve.org/view.php?id=CVE-2007-0749
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. Múltiples desbordamientos de búfer basado en pila en la función is_command en proxy.c en Apple Darwin Streaming Proxy, cuando se utiliza en Darwin Streaming Server anterior a 5.5.5, permite a atacantes remotos ejecutar código de su elección a través de un valor (1)cmd largo o (2)server en una respuesta RTSP. • http://docs.info.apple.com/article.html?artnum=305495 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html http://osvdb.org/35976 http://secunia.com/advisories/25193 http://www.securityfocus.com/bid/23918 http://www.securitytracker.com/id?1018047 http://www.vupen.com/english/advisories/2007/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/34222 •
CVE-2005-2195
https://notcve.org/view.php?id=CVE-2005-2195
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. Apple Darwin Streaming Server 5.5 y anteriores permite que atacantes remotos causen una denegación de servicio (caída de la aplicación) mediante una URL con un nombre de fichero con extensión .cgi y nombre de dispositivo de MS-DOS (tal como AUX, CON, PRN, COM1, o LPT1). • http://marc.info/?l=bugtraq&m=112126999514361&w=2 http://secunia.com/advisories/16056 http://securitytracker.com/id?1014474 http://secway.org/Advisory/AD20050713.txt •
CVE-2003-1414 – Apple QuickTime/Darwin Streaming Server 4.1.x - 'parse_xml.cgi' File Disclosure
https://notcve.org/view.php?id=CVE-2003-1414
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. • https://www.exploit-db.com/exploits/22312 http://securityreason.com/securityalert/3260 http://www.securityfocus.com/archive/1/313517 http://www.securityfocus.com/bid/6990 https://exchange.xforce.ibmcloud.com/vulnerabilities/11446 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2003-1413
https://notcve.org/view.php?id=CVE-2003-1413
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. • http://securityreason.com/securityalert/3260 http://www.securityfocus.com/archive/1/313517 http://www.securityfocus.com/bid/6992 https://exchange.xforce.ibmcloud.com/vulnerabilities/11445 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •