Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
teampass teampass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2516
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass before 3.0.7.
Teampass Teampass
2 Github repositories
445
VMScore
CVE-2019-1000001
TeamPass version 2.1.27 and previous versions contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can byp...
Teampass Teampass
516
VMScore
CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass up to and including 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not ava...
Teampass Teampass
435
VMScore
CVE-2015-7562
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
Teampass Teampass
1 EDB exploit
685
VMScore
CVE-2015-7563
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and previous versions allows remote malicious users to hijack the authentication of an authenticated user.
Teampass Teampass
1 EDB exploit
755
VMScore
CVE-2015-7564
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connec...
Teampass Teampass
1 EDB exploit
383
VMScore
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
Teampass Teampass 2.1.26
312
VMScore
CVE-2019-12950
An issue exists in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
Teampass Teampass 2.1.27.35
445
VMScore
CVE-2020-12477
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
Teampass Teampass 2.1.27.36
578
VMScore
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
Teampass Teampass 2.1.27.36
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »