Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Quicktime/Darwin流服务器parse_xml.cgi远程命令执行漏洞
Vulnerability Description
Apple Darwin和QuickTime流管理服务器是基于WEB的服务,允许管理员管理Darwin和QuickTime流服务器,默认情况下,这些服务以root用户权限监听1220/TCP端口。 Darwin/QuickTime流服务器不充分过滤用户提交的输入,远程攻击者可以利用这个漏洞以流服务器进程权限在系统上执行任意命令。 Darwin流管理服务器依靠parse_xml.cgi应用程序来验证和与用户交互,此CGI由PERL编写,直接传递没有进行充分处理的输入给open()函数,当管道'|'字符插入到
CVSS Information
N/A
Vulnerability Type
N/A