Vulnerabilities > Teampass > Teampass > 2.1.26.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-1000001 | Insufficiently Protected Credentials vulnerability in Teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. | 5.0 |
| 2017-11-27 | CVE-2017-15055 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 6.5 |
| 2017-11-27 | CVE-2017-15054 | Unrestricted Upload of File with Dangerous Type vulnerability in Teampass An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 6.5 |
| 2017-11-27 | CVE-2017-15053 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. | 4.0 |
| 2017-11-27 | CVE-2017-15052 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. | 4.0 |
| 2017-11-27 | CVE-2017-15051 | Cross-site Scripting vulnerability in Teampass Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. | 3.5 |
| 2017-10-12 | CVE-2017-15278 | Cross-site Scripting vulnerability in Teampass Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. | 3.5 |
| 2017-06-05 | CVE-2017-9436 | SQL Injection vulnerability in Teampass TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | 7.5 |