
755 matches found

Positive Technologies
added 2013/02/20 12:0 a.m. · 2 views

PT-2013-1408 · Gnome +3 · Gnome Evolution +3

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions prior to 3.2.3. Description: The issue allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a "mailto:" URL, which attaches the file to the email. This enables attackers to acce...

CVSS 4.3 · AI score 7.3 · EPSS 0.00816
Exploits: 0 · References: 25

RedHat Linux
added 2012/12/04 7:24 p.m. · 2 views

puppet: authenticated clients allowed to read arbitrary files from the puppet master

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...

CVSS 4 · AI score 5.9 · EPSS 0.00314
Exploits: 1 · References: 5

RedHat Linux
added 2012/11/20 9:43 p.m. · 0 views

Mozilla: evalInSandbox location context incorrectly applied (MFSA 2012-93)

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...

CVSS 4.3 · AI score 7.5 · EPSS 0.01959
Exploits: 1 · References: 5

Positive Technologies
added 2012/10/10 12:0 a.m. · 1 views

PT-2012-1276 · Html2Ps · Html2Ps

Name of the Vulnerable Software and Affected Versions: html2ps versions prior to 1.0b6. Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the include file SSI directive. This might be a problem in limited scenarios, such as if html2ps is invoked by a web...

CVSS 4.3 · AI score 6.5 · EPSS 0.21029
Exploits: 1 · References: 12

OSV
added 2012/07/22 5:55 p.m. · 1 views

DEBIAN-CVE-2012-2737

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition...

CVSS 1.9 · AI score 6.1 · EPSS 0.00071
Exploits: 1 · References: 1

OSV
added 2012/07/18 6:55 p.m. · 1 views

DEBIAN-CVE-2012-2139

Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...

CVSS 5 · AI score 6.9 · EPSS 0.03527
Exploits: 1 · References: 1

RedHat Linux
added 2012/03/22 6:36 p.m. · 1 views

raptor: XML External Entity (XXE) attack via RDF files

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document...

CVSS 6.5 · AI score 6.7 · EPSS 0.00897
Exploits: 2 · References: 7

OpenVAS
added 2012/03/20 12:0 a.m. · 11 views

ManageEngine DeviceExpert <= 5.6 Directory Traversal Vulnerability - Active Check

ManageEngine DeviceExpert is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 5.8
Exploits: 0 · References: 4

Tenable Nessus
added 2012/03/19 12:0 a.m. · 21 views

HP Data Protector Media Operations DBServer opcode 0x10 Traversal Arbitrary File Access

HP Data Protector Media Operations is affected by a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successfully exploiting the issue may allow an attacker to read arbitrary files that could aid in further attacks.

AI score 5.7
Exploits: 0 · References: 1

NVD
added 2012/01/10 11:55 a.m. · 19 views

CVE-2011-4785

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0I35128 allows remote attackers to read arbitrary files via unspecified...

CVSS 7.8 · AI score 6.7 · EPSS 0.01721
Exploits: 0 · References: 7

OpenVAS
added 2011/12/02 12:0 a.m. · 27 views

Serv-U FTP Server Jail Break

Serv-U FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to read arbitrary files from locations outside of the application's current directory. This could help the attacker launc...

CVSS 9 · AI score 6.5 · EPSS 0.01253
Exploits: 1 · References: 5

NVD
added 2011/08/29 3:55 p.m. · 10 views

CVE-2011-2746

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...

CVSS 4 · AI score 6.2 · EPSS 0.00432
Exploits: 0 · References: 6

OSV
added 2011/08/29 3:55 p.m. · 1 views

DEBIAN-CVE-2011-2746

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...

CVSS 4 · AI score 6.8 · EPSS 0.00432
Exploits: 0 · References: 1

Prion
added 2011/06/24 8:55 p.m. · 19 views

Design/Logic Flaw

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference,...

CVSS 6.4 · AI score 7.1 · EPSS 0.00624
Exploits: 1 · References: 3 · Affected Software: 1

OpenVAS
added 2011/06/13 12:0 a.m. · 14 views

Tele Data Contact Management Server <= 1.1 Directory Traversal Vulnerability - Active Check

Tele Data Contact Management Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.2
Exploits: 0 · References: 4

OpenVAS
added 2011/02/07 12:0 a.m. · 18 views

QuickShare File Share FTP Server < 1.2.2 Directory Traversal Vulnerability - Active Check

QuickShare File Share FTP Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.2
Exploits: 0 · References: 3

Cvelist
added 2010/11/01 7:0 p.m. · 16 views

CVE-2010-4102

Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors...

AI score 6.6 · EPSS 0.00935
Exploits: 0 · References: 5

Positive Technologies
added 2010/08/11 12:0 a.m. · 3 views

PT-2010-1184 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 and earlier. Description: The issue allows remote attackers to read arbitrary files due to directory traversal vulnerabilities in the administrator console. This is achieved via the locale parameter to various...

CVSS 9.8 · AI score 9.6 · EPSS 0.94237
Exploits: 13 · References: 20

ATTACKERKB
added 2010/05/25 2:30 p.m. · 21 views

CVE-2010-2035

Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...

CVSS 7.5 · AI score 6 · EPSS 0.01364
Exploits: 1 · References: 4

ATTACKERKB
added 2010/05/19 8:0 p.m. · 1 views

CVE-2010-1982

Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php...

CVSS 5 · AI score 5.8 · EPSS 0.03011
Exploits: 1 · References: 6