Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tecnick tcexam vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-20114
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
Tecnick Tcexam
4.3
CVSSv2
CVE-2021-20115
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could cra...
Tecnick Tcexam
4.3
CVSSv2
CVE-2021-20116
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker coul...
Tecnick Tcexam
5
CVSSv2
CVE-2011-3806
TCExam 11.1.015 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
Tecnick Tcexam 11.1.015
3.5
CVSSv2
CVE-2020-5751
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
Tecnick Tcexam 14.2.2
4
CVSSv2
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated malicious user to access test metadata for which they don't have permission.
Tecnick Tcexam 14.2.2
4.3
CVSSv2
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote malicious user to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Tecnick Tcexam 14.2.2
3.5
CVSSv2
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Tecnick Tcexam 14.2.2
3.5
CVSSv2
CVE-2020-5747
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Tecnick Tcexam 14.2.2
4.3
CVSSv2
CVE-2020-5748
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated malicious user to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
Tecnick Tcexam 14.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »