Vincent Malguy - Security Researcher - Exploit Intelligence Platform

CVE-2015-7563 EXPLOITDB HIGH text WRITEUP

TeamPass <2.1.24 - CSRF

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

CVSS 8.8

View Code

CVE-2015-7562 EXPLOITDB MEDIUM text WRITEUP

TeamPass <2.1.24 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

CVSS 6.1

View Code

CVE-2015-7564 EXPLOITDB CRITICAL text WRITEUP

TeamPass <2.1.24 - SQL Injection

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

CVSS 9.8

View Code

CVE-2016-8641 EXPLOITDB MEDIUM bash WORKING POC

Nagios 4.2.x - Privilege Escalation

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

CVSS 6.7

View Code