7 lines
No EOL
504 B
Text
7 lines
No EOL
504 B
Text
source: https://www.securityfocus.com/bid/6990/info
|
|
|
|
A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system.
|
|
|
|
This vulnerability was tested on SS for Microsoft Windows systems.
|
|
|
|
http://localhost:1220/parse_xml.cgi?filename=.../qtusers |