
Test ID: 1.3.6.1.4.1.25623.1.0.11278
Category: Gain a shell remotely
Title: Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities
Summary: QuickTime/Darwin streaming administration server is prone to multiple vulnerabilities.
Description:
Summary:
QuickTime/Darwin streaming administration server is prone to
multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- CVE-2003-0050, CVE-2003-0054: Remote command execution (RCE)

- CVE-2003-0051, CVE-2003-0052: Information disclosure

- CVE-2003-0053: Cross-site scripting (XSS)

- CVE-2003-0055: Buffer overflow

- CVE-2003-1414: Directory traversal

This is due to parsing problems with the following script:

parse_xml.cgi.

The worst of these vulnerabilities allows for remote command execution usually as root or
administrator.

These servers are installed by default on port 1220.

Solution:
Obtain a patch or new software from Apple or block this port
(TCP 1220) from internet access.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2003-0050
@stake Security Advisory: A032403-1
BugTraq ID: 6954
http://www.securityfocus.com/bid/6954
Bugtraq: 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=104618904330226&w=2
http://www.iss.net/security_center/static/11401.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0051
BugTraq ID: 6956
http://www.securityfocus.com/bid/6956
http://www.iss.net/security_center/static/11402.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0052
BugTraq ID: 6955
http://www.securityfocus.com/bid/6955
http://www.iss.net/security_center/static/11403.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0053
BugTraq ID: 6958
http://www.securityfocus.com/bid/6958
http://www.iss.net/security_center/static/11404.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0054
BugTraq ID: 6960
http://www.securityfocus.com/bid/6960
http://www.iss.net/security_center/static/11405.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0055
BugTraq ID: 6957
http://www.securityfocus.com/bid/6957
http://www.iss.net/security_center/static/11406.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-1414
BugTraq ID: 6990
http://www.securityfocus.com/bid/6990
Bugtraq: 20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/313517
http://securityreason.com/securityalert/3260
XForce ISS Database: darwin-dotdotdot-directory-traversal(11446)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11446
Copyright: Copyright (C) 2005 Michael Scheidell





© 1998-2025 E-Soft Inc. All rights reserved.