Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
http://www.vupen.com/english/advisories/2006/2681
http://www.securityfocus.com/bid/18856
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.debian.org/security/2006/dsa-1113
http://secunia.com/advisories/21459
http://secunia.com/advisories/21130
http://secunia.com/advisories/21025
http://secunia.com/advisories/20988
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html