Apple : Security Vulnerabilities, CVEs, Published In August 2003
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
Max CVSS
4.6
EPSS Score
0.14%
Published
2003-08-18
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
Max CVSS
10.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2011-03-08
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Max CVSS
10.0
EPSS Score
79.54%
Published
2003-08-27
Updated
2024-02-08
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
Max CVSS
10.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-05
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
Max CVSS
5.0
EPSS Score
2.90%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
Max CVSS
5.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-10
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
Max CVSS
5.0
EPSS Score
0.73%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
Max CVSS
5.0
EPSS Score
0.29%
Published
2003-08-27
Updated
2008-09-10
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
Max CVSS
10.0
EPSS Score
0.83%
Published
2003-08-27
Updated
2008-09-05
9 vulnerabilities found