649 matches found
CVE-2013-4900
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request...
CVE-2013-2978
CVE-2013-2978 affects IBM Cognos Business Intelligence server versions 8.4.1, 10.1, 10.1.1, 10.2 and 10.2.1. It is described as an absolute path traversal vulnerability that allows remote authenticated users to read files by leveraging the Report Author privilege. The provided documents do not in...
CVE-2013-4780
CVE-2013-4780 affects Siemens OpenScape Branch and OpenScape SBC (before 2 R0.32.0 and before 7 R1.7.0). The vulnerability allows remote attackers to read arbitrary files via unspecified vectors. Affected components are core/getLog.php on the Siemens OpenScape appliances; no explicit exploit deta...
PT-2013-4747 · Atlassian · Crowd
Name of the Vulnerable Software and Affected Versions: Atlassian Crowd versions 2.3.8; Atlassian Crowd versions 2.4.9; Atlassian Crowd versions 2.5.x through 2.5.3; Atlassian Crowd versions 2.6.x through 2.6.2. Description: The issue allows remote attackers to read arbitrary files and send HTTP...
VulnCheck KEV: CVE-2013-3336
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors...
CVE-2013-1223
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372...
UBUNTU-CVE-2012-5657
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External...
CVE-2012-5221
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and...
DEBIAN-CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability...
DEBIAN-CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1665
CVE-2013-1665 is an XXE vulnerability in Python’s XML libraries (used by OpenStack Keystone Essex/Folsom and Django) that allows reading arbitrary files via external entity declarations. Public docs show mitigations such as upstream/Keystone patches that disable XML entity parsing (see Keystone 2...
bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...
Xxe
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093...
Debian DSA-2639-1 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: - CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...
PT-2013-1700 · Tridium · Tridium Niagara Ax
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX versions 3.5 through 3.7. Description: The issue allows remote attackers to read sensitive files and potentially execute arbitrary code by leveraging valid credentials or the guest feature. Recommendations: For versions 3.5...
CVE-2012-3363
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...