Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Darwin Streaming Server  Security Vulnerabilities
CVE-2003-0426
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-08-27
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVSS Score
10.0
EPSS Score
0.018
Published
2003-08-27
CVE-2003-0050
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVSS Score
7.5
EPSS Score
0.878
Published
2003-03-07
CVE-2003-0051
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2003-03-07
CVE-2003-0052
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
CVSS Score
5.0
EPSS Score
0.008
Published
2003-03-07
CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
CVSS Score
4.3
EPSS Score
0.004
Published
2003-03-07
CVE-2003-0054
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
CVSS Score
7.5
EPSS Score
0.009
Published
2003-03-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved