2 matches found
CVE-2010-3998
The CVE-2010-3998 flaw affects Banshee 1.8.0 and earlier, where a zero-length directory name is placed in LD_LIBRARY_PATH (and possibly GST_PLUGIN_PATH), allowing a local user to load a Trojan horse shared library from the current working directory and gain privileges. The issue is a local privil...
CVE-2009-1175
CVE-2009-1175 is a cross-site scripting vulnerability in Banshee's DAAP extension (version 1.4.2) affecting apps/web/vs_diag.cgi where the server parameter is not properly handled in error messages. This allows remote script/HTML injection. Exploitation details are not provided in the supplied do...