Vulnerabilities > Teampass

DATE CVE VULNERABILITY TITLE RISK
2017-11-27 CVE-2017-15055 Improper Privilege Management vulnerability in Teampass
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php.
network
low complexity
teampass CWE-269
8.1
2017-11-27 CVE-2017-15054 Unrestricted Upload of File with Dangerous Type vulnerability in Teampass
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
network
high complexity
teampass CWE-434
7.5
2017-11-27 CVE-2017-15053 Improper Privilege Management vulnerability in Teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php.
network
low complexity
teampass CWE-269
4.9
2017-11-27 CVE-2017-15052 Improper Privilege Management vulnerability in Teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php.
network
low complexity
teampass CWE-269
4.9
2017-11-27 CVE-2017-15051 Cross-site Scripting vulnerability in Teampass
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history.
network
low complexity
teampass CWE-79
5.4
2017-10-12 CVE-2017-15278 Cross-site Scripting vulnerability in Teampass
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9.
network
low complexity
teampass CWE-79
5.4
2017-06-05 CVE-2017-9436 SQL Injection vulnerability in Teampass
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
network
low complexity
teampass CWE-89
critical
9.8
2017-04-12 CVE-2015-7564 SQL Injection vulnerability in Teampass
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
network
low complexity
teampass CWE-89
critical
9.8
2017-04-12 CVE-2015-7563 Cross-Site Request Forgery (CSRF) vulnerability in Teampass
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
network
low complexity
teampass CWE-352
8.8
2017-04-12 CVE-2015-7562 Cross-site Scripting vulnerability in Teampass
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
network
low complexity
teampass CWE-79
6.1