Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Teampass Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9436 1 Teampass 1 Teampass 2017-06-13 7.5 HIGH 9.8 CRITICAL
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
CVE-2015-7562 1 Teampass 1 Teampass 2017-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVE-2015-7564 1 Teampass 1 Teampass 2017-04-20 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVE-2014-3774 1 Teampass 1 Teampass 2014-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.
CVE-2014-3773 1 Teampass 1 Teampass 2014-08-07 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
CVE-2014-3772 1 Teampass 1 Teampass 2014-08-07 7.5 HIGH N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
CVE-2014-3771 1 Teampass 1 Teampass 2014-08-07 7.5 HIGH N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.