37 matches found
CVE-2025-70887
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...
EUVD-2025-209004
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...
Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...
CVE-2025-70887
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...
EUVD-2015-1194
Malware in sbrugna...
EUVD-2010-1611
Malware in sbrugna...
EUVD-2013-4317
Malware in sbrugna...
EUVD-2012-3332
Malware in sbrugna...
EUVD-2013-4316
Malware in sbrugna...
EUVD-2012-6002
Malware in sbrugna...
Open redirect
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...
CVE-2015-1051
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...
Drupal Context Module Open Redirect Vulnerability
Drupal is written using the PHP language open source content management framework , which consists of a content management system and PHP development framework together . An open redirection vulnerability exists in the Drupal Context Module, which allows remote attackers to construct malicious UR...
CVE-2012-6141
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to 1 App::Session::Cookie or 2 App::Session::HTMLHidden, which is not properly handled when it is deserialized...
Code injection
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to 1 App::Session::Cookie or 2 App::Session::HTMLHidden, which is not properly handled when it is deserialized...
CVE-2013-4446
The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
Design/Logic Flaw
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
Design/Logic Flaw
The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2013-4446
CVE-2013-4446 affects Drupal Context module (drupal6-context 6.x-2.x before 6.x-3.2; 7.x-3.x before 7.x-3.0). The vulnerability arises when PHP lacks a json_decode function or json library, allowing remote attackers to execute arbitrary PHP code via Ajax-related vectors (possibly involving eval)....