EUVD-2022-2999

Malicious code in bioql PyPI...

TeamPass upload.files.php file arbitrary file upload vulnerability

TeamPass is a dedicated password manager for Apache, MySQL and PHP. An arbitrary file upload vulnerability exists in versions of TeamPass prior to 2.1.27.9. A remote attacker can exploit this vulnerability by tampering with the parameters in a request sent to the upload.files.php file to upload...

CVE-2017-15052

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...

CVE-2017-15055

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments o...

Improper access control

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...

CVE-2017-15052

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...

CVE-2017-15051

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

CVE-2017-15052

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...

CVE-2017-15054

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in...

TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-30335)

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A cross-site scripting vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to adequately filter data. A remote attacker can exploit this vulnerability to execute arbitrary HTML or scrip...