Attacker Value
Unknown
CVE-2024-13725
Disclosure Date: February 18, 2025 (last updated February 23, 2025)
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If register_argc_argv is enabled on the server and pearcmd.php is installed, this issue might lead to Remote Code Execution.
Attacker Value
Unknown
CVE-2024-47642
Disclosure Date: October 05, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1.
Attacker Value
Unknown
CVE-2023-44241
Disclosure Date: October 10, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions.
Attacker Value
Unknown
CVE-2022-29362
Disclosure Date: May 25, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.
Attacker Value
Unknown
CVE-2021-46113
Disclosure Date: January 25, 2022 (last updated February 23, 2025)
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.
Attacker Value
Unknown
CVE-2020-20670
Disclosure Date: September 13, 2021 (last updated February 23, 2025)
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.
Attacker Value
Unknown
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
Disclosure Date: October 16, 2019 (last updated November 27, 2024)
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Attacker Value
Unknown
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
Disclosure Date: October 16, 2019 (last updated November 27, 2024)
A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Attacker Value
Unknown
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
Disclosure Date: October 16, 2019 (last updated November 27, 2024)
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
Attacker Value
Unknown
Failure to release memory may exhaust system resources
Disclosure Date: January 16, 2019 (last updated November 27, 2024)
An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.