CVE-2015-7563 – TeamPass 2.1.24 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7563
12 Apr 2017 — Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. • https://www.exploit-db.com/exploits/39559 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-7562 – TeamPass 2.1.24 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7562
12 Apr 2017 — Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. • https://www.exploit-db.com/exploits/39559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7564 – TeamPass 2.1.24 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7564
12 Apr 2017 — Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. • https://www.exploit-db.com/exploits/39559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-3771
https://notcve.org/view.php?id=CVE-2014-3771
07 Aug 2014 — TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. • http://teampass.net/installation/2.1.20-released.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3772
https://notcve.org/view.php?id=CVE-2014-3772
07 Aug 2014 — TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. • http://teampass.net/installation/2.1.20-released.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3773
https://notcve.org/view.php?id=CVE-2014-3773
07 Aug 2014 — Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to ... • http://teampass.net/installation/2.1.20-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-3774
https://notcve.org/view.php?id=CVE-2014-3774
07 Aug 2014 — Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. • http://teampass.net/installation/2.1.20-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')