Vulnerabilities > Teampass
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-27 | CVE-2017-15055 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 8.1 |
2017-11-27 | CVE-2017-15054 | Unrestricted Upload of File with Dangerous Type vulnerability in Teampass An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 7.5 |
2017-11-27 | CVE-2017-15053 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. | 4.9 |
2017-11-27 | CVE-2017-15052 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. | 4.9 |
2017-11-27 | CVE-2017-15051 | Cross-site Scripting vulnerability in Teampass Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. | 5.4 |
2017-10-12 | CVE-2017-15278 | Cross-site Scripting vulnerability in Teampass Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. | 5.4 |
2017-06-05 | CVE-2017-9436 | SQL Injection vulnerability in Teampass TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | 9.8 |
2017-04-12 | CVE-2015-7564 | SQL Injection vulnerability in Teampass Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | 9.8 |
2017-04-12 | CVE-2015-7563 | Cross-Site Request Forgery (CSRF) vulnerability in Teampass Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | 8.8 |
2017-04-12 | CVE-2015-7562 | Cross-site Scripting vulnerability in Teampass Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | 6.1 |