- EPSS 1.75%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
- EPSS 2.94%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
CVE-2003-0050
- EPSS 68.86%
- Veröffentlicht 07.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:25
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVE-2003-0054
- EPSS 2.34%
- Veröffentlicht 07.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:25
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a lo...
CVE-2003-0053
- EPSS 1.82%
- Veröffentlicht 07.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:25
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into...
- EPSS 1.36%
- Veröffentlicht 07.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:25
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
- EPSS 2.06%
- Veröffentlicht 07.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:25
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.