6 matches found
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
EUVD-2022-4934
Malicious code in bioql PyPI...
EUVD-2024-3566
Malicious code in bioql PyPI...
CVE-2024-50702
TeamPass before 3.1.3.1 does not properly check whether a mailme aka actionmail operation is on behalf of an administrator or manager...
CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files...
CVE-2014-3772
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the sessionstart function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php...