RSS   Vulnerabilities for 'Cantata'   RSS

2014-02-01
 
CVE-2013-7301

CWE-264
 

 
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

 
 
CVE-2013-7300

CWE-22
 

 
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.

 


Copyright 2024, cxsecurity.com

 

Back to Top