Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-0748 |
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. Published: May 13, 2007; 6:19:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-0749 |
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. Published: May 13, 2007; 6:19:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-2195 |
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. Published: July 18, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1123 |
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1083 |
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. Published: December 03, 2004; 12:00:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2004-1081 |
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-1084 |
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1085 |
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-1086 |
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1087 |
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-1088 |
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1089 |
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users. Published: December 02, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2004-0169 |
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0421 |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2003-0422 |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0423 |
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0424 |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0425 |
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0426 |
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2003-0502 |
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |