Filtered by vendor Teampass
Subscribe
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9436 | 1 Teampass | 1 Teampass | 2017-06-13 | 7.5 HIGH | 9.8 CRITICAL |
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | |||||
CVE-2015-7562 | 1 Teampass | 1 Teampass | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | |||||
CVE-2015-7564 | 1 Teampass | 1 Teampass | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. | |||||
CVE-2014-3774 | 1 Teampass | 1 Teampass | 2014-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | |||||
CVE-2014-3773 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | |||||
CVE-2014-3772 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. | |||||
CVE-2014-3771 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. |