{"id":"CVE-2005-0072","details":"zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.","modified":"2026-04-10T03:36:48.838439Z","published":"2005-01-24T05:00:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/13977"},{"type":"ADVISORY","url":"http://secunia.com/advisories/13982"},{"type":"ADVISORY","url":"http://secunia.com/advisories/13987"},{"type":"ADVISORY","url":"http://www.debian.org/security/2005/dsa-655"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2005:012"},{"type":"EVIDENCE","url":"http://www.debian.org/security/2005/dsa-655"},{"type":"FIX","url":"http://www.debian.org/security/2005/dsa-655"},{"type":"WEB","url":"http://securitytracker.com/id?1012977"},{"type":"WEB","url":"http://www.securityfocus.com/bid/12343"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19045"}],"schema_version":"1.7.5"}