- EPSS 0.31%
- Veröffentlicht 04.03.2025 16:15:35
- Zuletzt bearbeitet 28.05.2025 17:28:32
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
- EPSS 0.77%
- Veröffentlicht 04.03.2025 16:15:35
- Zuletzt bearbeitet 28.05.2025 17:27:58
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
CVE-2024-50705
- EPSS 0.05%
- Veröffentlicht 04.03.2025 15:15:19
- Zuletzt bearbeitet 21.05.2025 15:42:14
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
CVE-2024-50706
- EPSS 0.17%
- Veröffentlicht 04.03.2025 15:15:19
- Zuletzt bearbeitet 28.05.2025 17:26:19
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
CVE-2023-25759
- EPSS 1.21%
- Veröffentlicht 19.04.2023 12:15:08
- Zuletzt bearbeitet 05.02.2025 17:15:18
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
CVE-2023-25760
- EPSS 0.23%
- Veröffentlicht 19.04.2023 12:15:08
- Zuletzt bearbeitet 05.02.2025 17:15:18
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload
CVE-2023-26599
- EPSS 0.37%
- Veröffentlicht 19.04.2023 12:15:08
- Zuletzt bearbeitet 05.02.2025 17:15:19
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.