3348 matches found
CVE-2011-4367
This CVE concerns Apache MyFaces Core (JSF) path traversal in MyFaces JSF. Affected versions are Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6. An attacker can read arbitrary files by supplying a .. sequence via the ln parameter to faces/javax.faces.resource/web.xml or via PATH_INFO to faces/ja...
CVE-2012-3521
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter...
openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1)
fixing the following security issues: CVE-2013-4635.patch (bnc#828020): integer overflow in the SdnToJewish; CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707): reading system files via untrusted SOAP input; soap.wsdl_cache_dir did not honour PHP open_basedir; ...
CVE-2013-3739
CVE-2013-3739 concerns a Local File Inclusion in Network Weathermap
CVE-2014-2053
getID3 before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack...
CVE-2014-3838
Summary (Concrete details from provided documents): The CVE-2014-3838 issue affects ownCloud Server before 5.0.16 and 6.0.x before 6.0.3. The root cause is improper authorization checks in the core, allowing remote authenticated users with access to multiple accounts to read the names of files be...
CVE-2012-5336
The CVE-2012-5336 issue affects ownCloud Server versions prior to 4.0.8. The root cause is improper validation of the user_id session variable in lib/base.php, which allows remote authenticated users to read arbitrary files via WebDAV. Affected software: ownCloud Server
CVE-2014-0119
CVE-2014-0119 (Tomcat XXE) – Concrete details from connected docs : The vulnerability affects Apache Tomcat versions before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6. It arises from improper constraining of the class loader that accesses the XML parser used with an XSLT stylesheet, enabling...
CVE-2013-3514
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: thi...
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...
UBUNTU-CVE-2014-3242
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...
Design/Logic Flaw
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...
CVE-2014-2383
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...
UBUNTU-CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
Camel: XML eXternal Entity (XXE) flaw in XSLT component
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...
CVE-2014-2535
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port...
CVE-2013-1939
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character...
CVE-2014-0630
CVE-2014-0630 affects EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11. The issue allows remote authenticated users to retrieve arbitrary files by modifying the imaging-service URL used to stream content, indicating a failure in input/url validation within the imaging servic...