DSA-3001-1 wordpress -- security update
|8||(AV:N/AC:L/Au:N/C:P/I:P/A:P)||August 09, 2014||August 11, 2014||July 04, 2017|
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
- Wordpress: CVE-2014-5204: Different timing to reject invalid CSRF nonces can allow for brute-force attacks in 'wp-includes/pluggable.php'
- Drupal: CVE-2014-5266 : SA-CORE-2014-004 - Drupal core - Denial of service
- Wordpress: CVE-2014-5265: Recursion in entity declaration om XML documents allows for Denial of Service (DoS) attacks
- Wordpress: CVE-2014-5240: Cross-Site Scripting (XSS) Vulnerability in 'wp-includes/pluggable.php' when Multisite is enabled
- Wordpress: CVE-2014-5205: Lack of delimiters during concatenation of action and uid values in CSRF tokens allow for brute-force attacks in 'wp-includes/pluggable.php'
- DSA-2999-1 drupal7 -- security update
- Wordpress: CVE-2014-5266: Lack of limits on the number of elements in an XML document allows for Denial of Service (DoS) attacks
- Drupal: CVE-2014-5265 : SA-CORE-2014-004 - Drupal core - Denial of service