Apple » Darwin Streaming Server » 4.1.3 : Security Vulnerabilities, CVEs, CVSS score >= 4
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
Max CVSS
10.0
EPSS Score
5.58%
Published
2007-05-13
Updated
2017-07-29
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
Max CVSS
10.0
EPSS Score
6.88%
Published
2007-05-13
Updated
2017-07-29
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
Max CVSS
5.0
EPSS Score
1.30%
Published
2005-07-18
Updated
2016-10-18
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
Max CVSS
5.0
EPSS Score
0.26%
Published
2005-01-10
Updated
2017-07-11
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-02
Updated
2017-07-11
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
Max CVSS
7.5
EPSS Score
1.14%
Published
2004-12-02
Updated
2017-07-11
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
Max CVSS
7.5
EPSS Score
5.10%
Published
2004-12-02
Updated
2017-07-11
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
Max CVSS
5.0
EPSS Score
0.18%
Published
2004-12-02
Updated
2017-07-11
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
Max CVSS
7.5
EPSS Score
6.41%
Published
2004-12-03
Updated
2024-02-08
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
Max CVSS
5.0
EPSS Score
3.01%
Published
2004-03-15
Updated
2017-10-10
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
Max CVSS
10.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2011-03-08
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
Max CVSS
10.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-05
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
Max CVSS
5.0
EPSS Score
2.90%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
Max CVSS
5.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-10
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
Max CVSS
5.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
Max CVSS
5.0
EPSS Score
0.29%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
Max CVSS
10.0
EPSS Score
0.83%
Published
2003-08-27
Updated
2008-09-05
17 vulnerabilities found