Barnraiser Prairie Directory Traversal
The OpenID idp software "Barnraiser Prairie" http://www.barnraiser.org/prairie/ is vulnerable to directory traversal attacks: ./getfile.php does not limit the given path and allows directory traversal attacks with full public access to all images on the server. Example exploit:...