Description
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Frontend File Manager Cross-Site Request Forgery (21.3)
WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.42)
WordPress Plugin WP Dynamic Keywords Injector Cross-Site Request Forgery (2.3.15)
WordPress Plugin WP Plugin Info Card Unspecified Vulnerability (2.3.6)
Oracle Database Server Improper Input Validation Vulnerability (CVE-2016-2381)