649 matches found
DEBIAN-CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL...
CVE-2014-9046
The OCUtil::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol...
CVE-2013-6892
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit...
IBM WebSphere Application Server Directory Traversal Vulnerability (CNVD-2014-09182)
IBM WebSphere Application Server is an application server developed and released by IBM in accordance with open standards. A directory traversal vulnerability in IBM WebSphere Application Server versions 8.0.x prior to 8.0.0.10 and 8.5.x prior to 8.5.5.4 allows remote attackers to read arbitrary...
CVE-2014-5325
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference,...
DEBIAN-CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...
Xxe
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
CVE-2013-1641
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems parameter in a downloadselected action to index.php...
Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
It was found that Teiid SQL/XML permitted XML eXternal Entity (XXE) attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user...
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
Binary data 8400.prm...
DEBIAN-CVE-2014-3529
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2014-3529
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2014-3543
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
VulnCheck KEV: CVE-2013-5014
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external...
CVE-2014-2510
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity...
University of Washington pop2d 4.46/4.51/4.54/4.55 Remote File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1484/info A vulnerability exists in versions of the ipop2d daemon, through version 4.55. ipop2d is part of the University of Washington imap package. Versions through 4.7c of the imap package are affected. Any user who ha...
GeoCel WindMail 3.0 - Remote File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1073/info WindMail is a command-line mailer that can be integrated with perl cgi applications to create form-mail capability for a website. WindMail 3.0 and possibly previous versions can be used to retrieve any ascii fil...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
No description provided by source. Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish a...
CVE-2014-4153
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...