Vulnerabilities (CVE)

Filtered by vendor Craig Drummond Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7301 1 Craig Drummond 1 Cantata 2024-11-21 5.0 MEDIUM N/A
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
CVE-2013-7300 1 Craig Drummond 1 Cantata 2024-11-21 5.0 MEDIUM N/A
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.