Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tripleplay
(Uniguest)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-03-04 | CVE-2024-50706 | Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. | Tripleplay | N/A | ||
| 2025-03-04 | CVE-2024-50707 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | Tripleplay | N/A | ||
| 2025-03-04 | CVE-2024-50704 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | Tripleplay | N/A | ||
| 2025-03-04 | CVE-2024-50705 | Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | Tripleplay | N/A | ||
| 2023-04-19 | CVE-2023-25759 | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. | Tripleplay | 5.4 | ||
| 2023-04-19 | CVE-2023-25760 | Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | Tripleplay | 8.8 | ||
| 2023-04-19 | CVE-2023-26599 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | Tripleplay | 6.1 |