source: https://www.securityfocus.com/bid/6990/info
A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system.
This vulnerability was tested on SS for Microsoft Windows systems.
http://localhost:1220/parse_xml.cgi?filename=.../qtusers
