4 matches found
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows when using the built-in HTTP form-based file upload mechanism via the mg_handle_form_request API. Web applications that use the file upload form handler and use parts of the user-controlled filename in the output path are susceptible to directory traversal
...
Security update for civetweb (moderate)
openSUSE Security Update: Security update for civetweb Announcement ID: openSUSE-SU-2021:1424-1 Rating: moderate References: 1191938 Cross-References: CVE-2020-27304 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for civetwe...
[SECURITY] [DLA 2752-1] squashfs-tools security update
Debian LTS Advisory DLA-2752-1 https://www.debian.org/lts/security/ Thorsten Alteholz August 31, 2021 https://wiki.debian.org/LTS -...
Directory Traversal
pimcore is vulnerable to directory traversal attacks. The library does not properly validate the filepath, allowing a malicious user to pass a filepath without the file to the application...