3 matches found
ARK library Input Validation Error Vulnerability
Bandisoft ARK library is a library from Bandisoft Korea that decompresses most existing compression formats (ZIP, RAR, ALZ, EGG, etc.) on various operating systems (Windows, macOS, Linux, etc.) and creates compressed files in ZIP/7Z format. A security vulnerability exists in the...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above, thus "limited" path traversal,...
GoAhead 3.4.1 Heap Overflow / Traversal
Affected software: GoAhead Web Server. Affected versions: 3.0.0 - 3.4.1 (3.x.x series before 3.4.2). CVE ID: CVE-2014-9707. Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a "." but are not entirely equal to "." or "..", e.g. ".x". By sending a...