Vulnerabilities > Teampass

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-27	CVE-2017-15055	Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. network low complexity teampass CWE-269	6.5
2017-11-27	CVE-2017-15054	Unrestricted Upload of File with Dangerous Type vulnerability in Teampass An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. network low complexity teampass CWE-434	6.5
2017-11-27	CVE-2017-15053	Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. network low complexity teampass CWE-269	4.0
2017-11-27	CVE-2017-15052	Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. network low complexity teampass CWE-269	4.0
2017-11-27	CVE-2017-15051	Cross-site Scripting vulnerability in Teampass Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. network teampass CWE-79	3.5
2017-10-12	CVE-2017-15278	Cross-site Scripting vulnerability in Teampass Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. network teampass CWE-79	3.5
2017-06-05	CVE-2017-9436	SQL Injection vulnerability in Teampass TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. network low complexity teampass CWE-89	7.5
2017-04-12	CVE-2015-7564	SQL Injection vulnerability in Teampass Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. network low complexity teampass CWE-89	7.5
2017-04-12	CVE-2015-7563	Cross-Site Request Forgery (CSRF) vulnerability in Teampass Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. network teampass CWE-352	6.8
2017-04-12	CVE-2015-7562	Cross-site Scripting vulnerability in Teampass Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. network teampass CWE-79	4.3

Vulnerabilities > Teampass {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Teampass"}]}

Vulnerabilities > Teampass