Yahoo!: Read arbitrary XML files on YQL backend servers via XSLT document()

The YQL Yahoo! Query Language service had an arbitrary XSLT document execution vulnerability. The YQL service allowed users to execute arbitrary XSLT stylesheets under the Apache Xalan-J XSLTC processor via the xslt table. Although the JAXP secure mode feature was activated to prevent code...