CVE-2003-0050 - Unspecified vulnerability in Apple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | QuickTime Streaming Server parse_xml.cgi Remote Execution. CVE-2003-0050. Webapps exploit for cgi platform |
id | EDB-ID:16891 |
last seen | 2016-02-02 |
modified | 2010-07-03 |
published | 2010-07-03 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16891/ |
title | QuickTime Streaming Server parse_xml.cgi Remote Execution |
Metasploit
description | The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root. |
id | MSF:EXPLOIT/UNIX/WEBAPP/QTSS_PARSE_XML_EXEC |
last seen | 2020-05-23 |
modified | 2017-07-24 |
published | 2009-12-09 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0050 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/qtss_parse_xml_exec.rb |
title | QuickTime Streaming Server parse_xml.cgi Remote Execution |
Nessus
NASL family | CGI abuses |
NASL id | QUICKTIME_ADMIN.NASL |
description | The remote host is running Apple QuickTime Streaming Server. There are multiple flaws in this version: * Remote code execution vulnerability (by default with root privileges) * 2 Cross-Site Scripting vulnerabilities * Path Disclosure vulnerability * Arbitrary Directory listing vulnerability * Buffer overflow in MP3 broadcasting module |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11278 |
published | 2003-02-28 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11278 |
title | Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/84525/qtss_parse_xml_exec.rb.txt |
id | PACKETSTORM:84525 |
last seen | 2016-12-05 |
published | 2009-12-31 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/84525/QuickTime-Streaming-Server-parse_xml.cgi-Remote-Execution.html |
title | QuickTime Streaming Server parse_xml.cgi Remote Execution |