Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tecnick vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-13422
TCExam prior to 14.1.2 has XSS via an ff_ or xl_ field.
Tecnick Tcexam
5.4
CVSSv3
CVE-2021-20112
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascr...
Tecnick Tcexam
6.5
CVSSv3
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
Tecnick Tcexam
NA
CVE-2009-4747
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote malicious users to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220.
Tecnick Aiocp 1.4.001
1 EDB exploit
NA
CVE-2011-3806
TCExam 11.1.015 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
Tecnick Tcexam 11.1.015
NA
CVE-2009-3220
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote malicious users to execute arbitrary PHP code via a URL in the page parameter.
Tecnick Aiocp 1.4.001
1 EDB exploit
4.3
CVSSv3
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated malicious user to access test metadata for which they don't have permission.
Tecnick Tcexam 14.2.2
4.9
CVSSv3
CVE-2020-5744
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated malicious user to read the contents of arbitrary files on disk.
Tecnick Tcexam 14.2.2
7.4
CVSSv3
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote malicious user to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Tecnick Tcexam 14.2.2
5.4
CVSSv3
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated malicious user to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Tecnick Tcexam 14.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »