
755 matches found

OSV
added 2016/12/14 12:59 a.m. · 1 view

CVE-2016-9199

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software.

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 3
OSV
added 2016/11/29 11:59 a.m. · 0 views

CVE-2016-5765

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 3
OSV
added 2016/11/24 7:59 p.m. · 0 views

CVE-2016-0284

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Ration...

CVSS 5.4 · AI score 5.8 · EPSS 0.00334
Exploits: 0 · References: 2
CNVD
added 2016/11/07 12:0 a.m. · 3 views

Spark Directory Traversal Vulnerability

Spark is a lightweight framework for creating Web applications. A directory traversal vulnerability exists in Spark version 2.5. A remote attacker can leverage the directory traversal character '... /' in a URI to read arbitrary files...

CVSS 7.5 · AI score 6.9 · EPSS 0.0551
Exploits: 1 · References: 1
OSV
added 2016/09/26 4:59 a.m. · 0 views

CVE-2016-5971

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference,...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 2
OSV
added 2016/09/12 10:59 a.m. · 0 views

CVE-2016-6370

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.63 and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255...

CVSS 4.3 · AI score 5.9 · EPSS 0.00543
Exploits: 0 · References: 3
OSV
added 2016/09/07 7:28 p.m. · 1 view

DEBIAN-CVE-2016-1242

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

CVSS 4.4 · AI score 5.2 · EPSS 0.00162
Exploits: 0 · References: 1
PyPA
added 2016/09/07 7:28 p.m. · 4 views

PYSEC-2016-41

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

CVSS 4.4 · AI score 6.9 · EPSS 0.00162
Exploits: 0 · References: 3 · Affected Software: 1
PyPA
added 2016/09/07 7:28 p.m. · 4 views

PYSEC-2016-13

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

CVSS 4.4 · AI score 6.9 · EPSS 0.00162
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2016/08/26 7:0 p.m. · 35 views

CVE-2016-5049

CVE-2016-5049 is a directory-traversal vulnerability in ReadyDesk 9.1, affecting the chat/openattach.aspx endpoint. The SESID parameter (together with FNAME) can be abused to read arbitrary files via ... path traversal, exposing sensitive data. Impact is read access to files on the server; no exp...

CVSS 7.5 · AI score 7.8 · EPSS 0.00794
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2016/07/12 2:0 a.m. · 1 view

CVE-2016-2206

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download...

CVSS 5.7 · AI score 5.9 · EPSS 0.00153
Exploits: 0 · References: 4
OSV
added 2016/06/29 1:59 a.m. · 0 views

CVE-2016-0298

Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL...

CVSS 6.5 · AI score 5.9 · EPSS 0.00362
Exploits: 0 · References: 1
Positive Technologies
added 2016/05/05 12:0 a.m. · 4 views

PT-2016-5649 · Xstream +1

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.9. Description: The issue concerns multiple XML external entity (XXE) vulnerabilities in various drivers of XStream. These vulnerabilities allow remote attackers to read arbitrary files via a crafted XML document. N...

CVSS 9.9 · AI score 7.9 · EPSS 0.94255
Exploits: 31 · References: 117
OSV
added 2016/05/02 10:59 a.m. · 0 views

UBUNTU-CVE-2015-4176

fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory...

CVSS 5.5 · AI score 6.8 · EPSS 0.0005
Exploits: 0 · References: 3
OSV
added 2016/04/13 4:59 p.m. · 0 views

DEBIAN-CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

CVSS 7.5 · AI score 8.5 · EPSS 0.67997
Exploits: 3 · References: 1
OSV
added 2016/03/25 9:59 p.m. · 0 views

CVE-2016-2340

The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 2
ATTACKERKB
added 2016/02/29 11:59 a.m. · 0 views

CVE-2016-0245

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

CVSS 5.5 · AI score 6.3 · EPSS 0.0031
Exploits: 0 · References: 3
OSV
added 2016/02/23 7:59 p.m. · 0 views

DEBIAN-CVE-2013-7448

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get...

CVSS 7.5 · AI score 7 · EPSS 0.0055
Exploits: 0 · References: 1
OSV
added 2016/02/13 2:59 a.m. · 0 views

CVE-2016-1525

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter...

CVSS 8.6 · AI score 5.9
Exploits: 0 · References: 8
OSV
added 2016/02/12 1:59 a.m. · 2 views

CVE-2016-0882

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 2