20 matches found
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
EUVD-2023-29665
Malicious code in bioql PyPI...
EUVD-2023-29664
Malicious code in bioql PyPI...
CVE-2023-26599
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
CVE-2023-26599
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link...
Cross site request forgery (csrf)
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
Command injection
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25760
Tripleplay Platform (Caveman) prior to version 3.4.0 is affected by an Incorrect Access Control vulnerability that lets an authenticated user modify other users’ passwords via a crafted request payload. Public details consistently identify the affected software as Tripleplay Platform with Caveman...
CVE-2023-25759
The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...
CVE-2023-26599
CVE-2023-26599 describes an XSS vulnerability in Tripleplay Platform’s TripleSign component, affecting releases prior to Caveman 3.4.0. The issue allows an attacker to inject client-side code and execute it in the context of an authenticated user via a crafted link. The available sources consiste...
PT-2023-20758 · Unknown · Triplesign +1
Name of the Vulnerable Software and Affected Versions: Tripleplay Platform versions prior to 3.4.0 Description: The issue allows attackers to inject client-side code to run as an authenticated user via a crafted link. This is a result of an XSS vulnerability in TripleSign. Recommendations: For...
CVE-2023-26599
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload...
PT-2023-20282 · Unknown · Tripledata Reporting Engine +1
Name of the Vulnerable Software and Affected Versions: Tripleplay Platform versions prior to 3.4.0 Description: The issue allows authenticated users to run unprivileged OS level commands via a crafted request payload. This is due to an OS Command Injection in the TripleData Reporting Engine...