Keep Security Vulnerabilities


CVE-2023-6673

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before...

6.1 CVSS

6.3 AI Score

0.0005 EPSS

2024-02-02 01:15 PM

CVE-2023-6676

Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2024-02-02 01:15 PM

CVE-2023-6672

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-02-02 01:15 PM

CVE-2023-6675

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before...

9.8 CVSS

9.2 AI Score

0.001 EPSS

2024-02-02 01:15 PM

CVE-2023-26128

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

8.4 CVSS

7.9 AI Score

0.0004 EPSS

2023-05-27 05:15 AM

CVE-2022-30877

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is...

9.8 CVSS

9.4 AI Score

0.005 EPSS

2022-06-08 06:15 PM

CVE-2022-23377

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local...

7.5 CVSS

7.4 AI Score

0.02 EPSS

2022-03-01 01:15 PM

CVE-2009-0287

SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2)...

8.7 AI Score

0.002 EPSS

2009-01-27 06:30 PM

CVE-2006-6763

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c)...

8 AI Score

0.005 EPSS

2006-12-27 02:28 AM

CVE-2006-6764

PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes...

7.9 AI Score

0.012 EPSS

2006-12-27 02:28 AM