Authorization Bypass Through User-Controlled Key

Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper handling of user session identifiers through the users.queries.php component. An attacker can escalate privileges and perfo...

Improper Authorization

Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Improper Authorization due to improper validation of user permissions in the items.queries.php component. An attacker can gain unauthorized access to folders by exploiting the lack of prop...

TeamPass 安全漏洞

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from an inability to properly prevent users from acting with different userid privileges...

TeamPass 安全漏洞

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from an inability to properly check if the mailme operation represents an administrator...

PT-2024-34392 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.1.3.1 Description: The issue arises when retrieving information about access rights for a folder. TeamPass does not properly check whether a folder is in a user's allowed folders list that has been defined by an...

TeamPass 安全漏洞

TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from the inability to properly check whether a folder is located in an administrator-defined list of user-allowed folders wh...

WordPress plugin JetEngine 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

SUSE CVE-2009-1148

Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...

DEBIAN-CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities

phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...