EUVD-2015-8634

Malware in sbrugna...

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

CVE-2015-8761

The vulnerability CVE-2015-8761 affects the Drupal Values module (7.x-1.x) prior to 7.x-1.2. Root cause: insufficient permission checks allow remote administrators with the "Import value sets" permission to run arbitrary PHP code via an exported values list in a ctools import. Impact: potential a...

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

Drupal Values Module Arbitrary PHP Code Execution Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Values is one of the modules used to customize various types of key-value pairs in the backend. An arbitrary PHP code execution vulnerability exists in the Drupal Values module in...

Values - Critical - Arbitrary PHP code execution - SA-CONTRIB-2015-172

This module enables you to create key|value pairs for use in list fields, webforms etc. The module includes an import page that runs eval on an exported code block ctools, but the permission for the page does not warn about security concerns of importing raw php code like this trusted permission...