Filtered by vendor Tecnick
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20114 | 1 Tecnick | 1 Tcexam | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. | |||||
CVE-2021-20116 | 1 Tecnick | 1 Tcexam | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | |||||
CVE-2021-20115 | 1 Tecnick | 1 Tcexam | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | |||||
CVE-2021-20111 | 1 Tecnick | 1 Tcexam | 2021-08-02 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file. | |||||
CVE-2021-20112 | 1 Tecnick | 1 Tcexam | 2021-08-02 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascript payload which would be triggered when another user views the file. | |||||
CVE-2021-20113 | 1 Tecnick | 1 Tcexam | 2021-08-02 | 5.0 MEDIUM | 5.3 MEDIUM |
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of | |||||
CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2021-07-21 | 4.3 MEDIUM | 7.4 HIGH |
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
CVE-2020-5743 | 1 Tecnick | 1 Tcexam | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. | |||||
CVE-2020-5744 | 1 Tecnick | 1 Tcexam | 2020-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | |||||
CVE-2020-5746 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
CVE-2020-5749 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group. | |||||
CVE-2020-5748 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
CVE-2020-5747 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. | |||||
CVE-2020-5750 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature. | |||||
CVE-2020-5751 | 1 Tecnick | 1 Tcexam | 2020-05-11 | 3.5 LOW | 5.4 MEDIUM |
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator. | |||||
CVE-2018-17057 | 2 Limesurvey, Tecnick | 2 Limesurvey, Tcpdf | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | |||||
CVE-2009-4747 | 1 Tecnick | 1 Aiocp | 2018-10-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. | |||||
CVE-2009-3220 | 1 Tecnick | 1 Aiocp | 2018-10-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2018-13422 | 1 Tecnick | 1 Tcexam | 2018-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | |||||
CVE-2012-4602 | 1 Tecnick | 1 Tcexam | 2012-11-26 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. |