Vulnerabilities > Craig Drummond

DATE CVE VULNERABILITY TITLE RISK
2014-02-02 CVE-2013-7301 Permissions, Privileges, and Access Controls vulnerability in Craig Drummond Cantata
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
network
low complexity
craig-drummond CWE-264
5.0
2014-02-02 CVE-2013-7300 Path Traversal vulnerability in Craig Drummond Cantata
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server.
network
low complexity
craig-drummond CWE-22
5.0