3348 matches found
CVE-2014-4447
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs...
Authentication flaw
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature...
CVE-2014-4374
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as the Apache user. #!/usr/bin/env python # -*- coding: utf-8 -*- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date: 2014-02-10...
CVE-2014-3529
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Directory traversal
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx...
CVE-2014-3543
CVE-2014-3543 affects Moodle versions up to 2.7.1 (and earlier branches) via mod/imscp/locallib.php, where a package manifest containing an XML external entity declaration combined with an entity reference enables reading arbitrary files (XML External Entity issue affecting IMSCP resources/IMSCC)...
CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/...
Design/Logic Flaw
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call...
CVE-2014-3485
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue...
Design/Logic Flaw
iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file...
Easy Icon Maker .ico File Reading Crash
No description provided by source. #!/usr/bin/python Easy Icon Maker .ico File Reading Crash Homepage: www.icon-maker.com Credit: ItSecTeam mail: [email protected] Web: WwW.ITSecTeam.com Forum: WwW.forum.itsecteam.com Special Thanks: PLATE - [email protected] - B3hz4d - Cdef3nder EAX 30303030 ECX 000000...
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
No description provided by source. PT-2013-17 Positive Technologies Security Advisory: Arbitrary Files Reading in mnoGoSearch. Vulnerable software: mnoGoSearch Version: 3.3.12...
Nokia IPSO 3.4.x Voyager ReadFile.TCL Remote File Reading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7426/info It has been reported that Nokia IPSO does not properly handle some types of requests through Voyager. Because of this, an attacker with access to the interface may be able to view potentially sensitive...
Oracle <= 9i / 10g (read/write/execute) Exploitation Suite
No description provided by source. $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ raptororaexec.sql - java exploitation suite for oracle. Copyright (c) 2006 Marco Ivaldi [email protected] This is an exploitation suite for Oracle written in Java. Use it to...
Fizzle 0.5 RSS Feed HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...
Netscape PublishingXPert 2.0/2.2/2.5 - Local File Reading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2920/info Netscape PublishingXpert is an e-commerce application distributed by Netscape. PublishingXpert manages user information, sending them special ads and personalized content. PSCOErrPage.htm does not sufficiently...
Oracle 8.1.7 JSP/JSPSQL Remote File Reading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2288/info A problem with Oracle on the Windows 2000 platform could allow users access to restricted information. This problem in the handling of input by the Oracle software may result in remote users being permitted read...
StatusNet/Laconica 0.7.4, 0.8.2, 0.9.0beta3 - Arbitrary File Reading
No description provided by source. StatusNet/Laconica = 0.7.4, = 0.8.2, = 0.9.0beta3 - arbitrary file reading. Date: - 10/10/2013...