Filtered by vendor Tecnick
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3806 | 1 Tecnick | 1 Tcexam | 2024-09-17 | N/A |
| TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. | ||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | ||||
| CVE-2012-4602 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. | ||||
| CVE-2012-4237 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | ||||
| CVE-2018-13422 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | ||||
| CVE-2012-4238 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. | ||||
| CVE-2010-2153 | 1 Tecnick | 1 Tcexam | 2024-09-16 | N/A |
| Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/. | ||||
| CVE-2009-4747 | 1 Tecnick | 1 Aiocp | 2024-08-07 | N/A |
| PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. | ||||
| CVE-2009-3220 | 1 Tecnick | 1 Aiocp | 2024-08-07 | N/A |
| PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2018-17057 | 2 Limesurvey, Tecnick | 2 Limesurvey, Tcpdf | 2024-08-05 | N/A |
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | ||||
| CVE-2020-5743 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 4.3 Medium |
| Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | ||||
| CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | ||||
| CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | ||||
| CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 6.1 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | ||||
| CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 7.4 High |
| Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 5.4 Medium |
| Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | ||||
| CVE-2020-5744 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 4.9 Medium |
| Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | ||||
| CVE-2021-20116 | 1 Tecnick | 1 Tcexam | 2024-08-03 | 6.1 Medium |
| A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | ||||