4 matches found
EUVD-2022-2999
Malicious code in bioql PyPI...
TeamPass upload.files.php file arbitrary file upload vulnerability
TeamPass is a dedicated password manager for Apache, MySQL and PHP. An arbitrary file upload vulnerability exists in versions of TeamPass prior to 2.1.27.9. A remote attacker can exploit this vulnerability by tampering with the parameters in a request sent to the upload.files.php file to upload...
CVE-2017-15052
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user including admin, or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an...
CVE-2017-15051
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...