Filtered by vendor Tecnick
Subscriptions
Filtered by product Tcexam
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2024-09-17 | N/A |
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | ||||
CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | ||||
CVE-2012-4602 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. | ||||
CVE-2012-4237 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | ||||
CVE-2018-13422 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | ||||
CVE-2012-4238 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. | ||||
CVE-2010-2153 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | ||||
CVE-2020-5743 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 4.3 Medium |
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | ||||
CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | ||||
CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 6.1 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | ||||
CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 6.1 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 7.4 High |
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
CVE-2020-5744 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 4.9 Medium |
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | ||||
CVE-2021-20116 | 1 Tecnick | 1 Tcexam | 2024-08-03 | 6.1 Medium |
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | ||||
CVE-2021-20113 | 1 Tecnick | 1 Tcexam | 2024-08-03 | 5.3 Medium |
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of | ||||
CVE-2021-20111 | 1 Tecnick | 1 Tcexam | 2024-08-03 | 5.4 Medium |
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file. | ||||
CVE-2021-20114 | 1 Tecnick | 1 Tcexam | 2024-08-03 | 7.5 High |
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. |