MidnightBSD

Advisories for craig_drummond

CVE-2013-7300 MEDIUM

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
craig_drummond cantata 0.8.3.1
craig_drummond cantata 0.8.2
craig_drummond cantata 1.0.2
craig_drummond cantata 0.9.1
craig_drummond cantata 0.9.0
craig_drummond cantata 1.1.0
craig_drummond cantata 0.8.0
craig_drummond cantata *
craig_drummond cantata 1.1.1
craig_drummond cantata 0.8.1
craig_drummond cantata 0.7.0
craig_drummond cantata 1.0.0
craig_drummond cantata 0.9.2
craig_drummond cantata 0.8.3
craig_drummond cantata 1.0.1
craig_drummond cantata 1.2.0
craig_drummond cantata 0.7.1
craig_drummond cantata 1.1.3
craig_drummond cantata 1.0.3
craig_drummond cantata 1.1.2
CVE-2013-7301 MEDIUM

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
craig_drummond cantata 0.8.3.1
craig_drummond cantata 0.8.2
craig_drummond cantata 1.0.2
craig_drummond cantata 0.9.1
craig_drummond cantata 0.9.0
craig_drummond cantata 1.1.0
craig_drummond cantata 0.8.0
craig_drummond cantata *
craig_drummond cantata 1.1.1
craig_drummond cantata 0.8.1
craig_drummond cantata 0.7.0
craig_drummond cantata 1.0.0
craig_drummond cantata 0.9.2
craig_drummond cantata 0.8.3
craig_drummond cantata 1.0.1
craig_drummond cantata 1.2.0
craig_drummond cantata 0.7.1
craig_drummond cantata 1.1.3
craig_drummond cantata 1.0.3
craig_drummond cantata 1.1.2