The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TeamPass

vulnerability alert 28761

TeamPass: privilege escalation via Delete Permission

Synthesis of the vulnerability

An attacker can bypass restrictions via Delete Permission in TeamPass, in order to escalate their privileges.
Impacted products: TeamPass.
Severity: 1/4.
Consequences: data deletion.
Provenance: user account.
Creation date: 18/03/2019.
Identifiers: 2564, VIGILANCE-VUL-28761.

Description of the vulnerability

An attacker can bypass restrictions via Delete Permission in TeamPass, in order to escalate their privileges.

vulnerability bulletin 27083

TeamPass: vulnerability via User Password Recovery

Synthesis of the vulnerability

A vulnerability via User Password Recovery in TeamPass was announced.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Creation date: 27/08/2018.
Identifiers: VIGILANCE-VUL-27083.

Description of the vulnerability

A vulnerability via User Password Recovery in TeamPass was announced.

computer vulnerability bulletin CVE-2017-15051 CVE-2017-15052 CVE-2017-15053

TeamPass: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in TeamPass.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/11/2017.
Identifiers: CVE-2017-15051, CVE-2017-15052, CVE-2017-15053, CVE-2017-15054, CVE-2017-15055, VIGILANCE-VUL-24548.

Description of the vulnerability

An attacker can exploit several vulnerabilities in TeamPass.

computer vulnerability bulletin CVE-2017-15278

TeamPass: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in TeamPass, in order to run JavaScript code in the context of the web site.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/10/2017.
Identifiers: CVE-2017-15278, VIGILANCE-VUL-24058.

Description of the vulnerability

The TeamPass product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in TeamPass, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2017-9436

TeamPass: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in TeamPass, in order to run JavaScript code in the context of the web site.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 29/05/2017.
Identifiers: CVE-2017-9436, VIGILANCE-VUL-22851.

Description of the vulnerability

The TeamPass product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in TeamPass, in order to run JavaScript code in the context of the web site.

vulnerability announce 22092

TeamPass: Cross Site Scripting via index.php

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via index.php in TeamPass, in order to run JavaScript code in the context of the web site.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/03/2017.
Identifiers: VIGILANCE-VUL-22092.

Description of the vulnerability

The TeamPass product offers a web service.

However, it does not filter data received via index.php before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via index.php in TeamPass, in order to run JavaScript code in the context of the web site.

vulnerability note 20054

TeamPass: SQL injection via items.queries.php, import.queries.php

Synthesis of the vulnerability

An attacker can use a SQL injection via items.queries.php and import.queries.php in TeamPass, in order to read or alter data.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 11/07/2016.
Identifiers: VIGILANCE-VUL-20054.

Description of the vulnerability

The TeamPass product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection via items.queries.php and import.queries.php in TeamPass, in order to read or alter data.

vulnerability announce 20032

TeamPass: code execution

Synthesis of the vulnerability

An authenticated attacker can upload a file to the /files directory of TeamPass, in order to run code.
Impacted products: TeamPass.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 06/07/2016.
Identifiers: VIGILANCE-VUL-20032.

Description of the vulnerability

The TeamPass product is a web application written in PHP.

However, authenticated users with read-only rights can upload PHP files to the /files directory. There is no check on the file's extension or content.

An authenticated attacker can therefore upload a file to the /files directory of TeamPass, in order to run code.

computer vulnerability alert 19816

TeamPass: Cross Site Scripting via dialogbox

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via dialogbox in TeamPass, in order to run JavaScript code in the context of the web site.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/06/2016.
Identifiers: VIGILANCE-VUL-19816.

Description of the vulnerability

The TeamPass product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via dialogbox in TeamPass, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 19637

TeamPass: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in TeamPass.
Impacted products: TeamPass.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/05/2016.
Identifiers: VIGILANCE-VUL-19637.

Description of the vulnerability

Several vulnerabilities were announced in TeamPass.

An attacker can traverse directories in downloadFile.php, in order to read a file outside the root path. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4]