Vincent Malguy

4 exploits Active since Apr 2017
CVE-2015-7563 EXPLOITDB HIGH text WRITEUP
TeamPass < 2.1.24.0 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
CVSS 8.8
CVE-2015-7562 EXPLOITDB MEDIUM text WRITEUP
TeamPass < 2.1.24 - Cross-Site Scripting via Item Label or Role Name
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVSS 6.1
CVE-2015-7564 EXPLOITDB CRITICAL text WRITEUP
TeamPass < 2.1.24 - SQL Injection via Item Query or View Log Parameters
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVSS 9.8
CVE-2016-8641 EXPLOITDB MEDIUM bash WORKING POC
Nagios 4.2.x - Privilege Escalation
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
CVSS 6.7