Launchpad.net

CVE 2014-10073

The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.

See the CVE page on Mitre.org for more details.