
CVE-2006-4684 – Debian Linux Security Advisory 1176-1
https://notcve.org/view.php?id=CVE-2006-4684
14 Sep 2006 — The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. El módulo docutils en Zope (Zope2) desde 2.7.0 hasta 2.7.9 y desde 2.8.0 hasta 2.8.8 no maneja adecuadamente páginas web con el marcado reStructuredText (reST), lo cual permite a atacantes remotos leer ficheros de su elección vía una... • http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html •

CVE-2006-3458 – Debian Linux Security Advisory 1113-1
https://notcve.org/view.php?id=CVE-2006-3458
07 Jul 2006 — Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no desabilita el comando "raw" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a usuarios locales leer archivos d... • http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html •

CVE-2005-3323 – Debian Linux Security Advisory 910-1
https://notcve.org/view.php?id=CVE-2005-3323
27 Oct 2005 — docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. A vulnerability has been discovered in zope 2.7, as Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality. • http://secunia.com/advisories/17173 •