Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the “raw” command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
mail.zope.org/pipermail/zope-announce/2006-July/001984.html
secunia.com/advisories/20988
secunia.com/advisories/21025
secunia.com/advisories/21130
secunia.com/advisories/21459
www.debian.org/security/2006/dsa-1113
www.novell.com/linux/security/advisories/2006_19_sr.html
www.securityfocus.com/bid/18856
www.vupen.com/english/advisories/2006/2681
www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
exchange.xforce.ibmcloud.com/vulnerabilities/27636
usn.ubuntu.com/317-1/