5 matches found
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel...
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel...
CVE-2014-9155
Summary: CVE-2014-9155 is a directory traversal vulnerability in the Drupal Avatar_Uploader module (6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6). An authenticated user can exploit a Linux/Unix path traversal via a .. in the path of a cropped image to read arbitrary server files access...
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel...
SA-CONTRIB-2014-084 - Avatar Uploader - Information Disclosure
The Avatar Uploader enables you to upload user pictures in a user-friendly way, like Quora and Facebook. The module doesn't sufficiently check the picture path when a user crops the picture in the uploader panel, allowing a malicious user to make specially crafted requests to obtain sensitive serv...