2 matches found
PT-2025-09: Path Traversal in TCPDF
The application performs insufficient validation of relative paths when processing an SVG image. Bypassing validation using the payload allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequent inclusion of...
Mandriva Linux Security Advisory : dokuwiki (MDVSA-2015:185)
Updated dokuwiki packages fix security vulnerabilities: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajaxmediadiff function in DokuWiki...