CVE-2014-9436

Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\ (four backslashes) in the fileName parameter to getRdsLogFile.

Date published : 2015-01-02

http://www.exploit-db.com/exploits/35593

http://seclists.org/fulldisclosure/2014/Dec/99