649 matches found
UBUNTU-CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
DEBIAN-CVE-2009-5067
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a...
CVE-2009-5067
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a...
PT-2012-5373 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 2.1.x through 2.1.4; CakePHP versions 2.2.x through 2.2.0. Description: The issue allows remote attackers to read arbitrary files via XML data containing external entity references, specifically through an XML external entity X...
CVE-2012-1103
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply and can cause the files to be attached to the message...
DEBIAN-CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...
PT-2012-5154 · Tridium · Tridium Niagara Ax Framework
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework, affected versions not specified. Description: The issue allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions. This can be demonstrated by...
PT-2025-26997 · D Link · D-Link Dsl-2730B +1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2730U version IN 1.02; D-Link DSL-2750U version SEA 1.04; D-Link DSL-2750E version SEA 1.07. Description: A path traversal vulnerability exists in the web management interface of D-Link ADSL routers due to insufficient input validatio...
raptor: XML External Entity (XXE) attack via RDF files
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document...
CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php...
CVE-2009-5089
Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter...
CVE-2011-2780
CVE-2011-2780 is a directory traversal in Chyrp 2.x (2.0 and earlier) targeting includes/lib/gz.php. The exploitable vector is a crafted value in the file parameter (../) to read arbitrary files. The connected Nuclei template confirms the existence of a local file inclusion vulnerability and note...
Xxe
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different...
CVE-2011-2206
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different...
CVE-2011-1280
CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...
PT-2011-2782 · Cisco · Ciscoworks Common Services
Name of the Vulnerable Software and Affected Versions: Cisco CiscoWorks Common Services versions 3.3 and earlier. Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files by utilizing a .. (dot dot) in the file parameter of the cwhp/auditLog.do endpoint in t...
Design/Logic Flaw
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
CVE-2011-1688
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request...