250 matches found
TCExam 11.1.16 - user_password Cross-Site Scripting
TCExam 11.1.16 - userpassword Cross-Site Scripting source: https://www.securityfocus.com/bid/46096/info TCExam is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
TCExam 11.1.16 - 'user_password' Cross-Site Scripting
source: https://www.securityfocus.com/bid/46096/info TCExam is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
TCExam 11.1.016 Cross Site Scripting
------------------------------------------------------------------------ Software................TCExam 11.1.016 Vulnerability...........Reflected Cross-site Scripting Download................http://www.tcexam.org/ Release Date............1/31/2011 Tested On...............Windows 7 + XAMPP...
TCExam 'tce_functions_tcecode_editor.php' File Upload Vulnerability
This host is running TCExam and is prone to file upload vulnerability. OpenVAS Vulnerability Test $Id: gbtcexamfileuploadvuln.nasl 5843 2017-04-03 13:42:51Z cfi $ TCExam 'tcefunctionstcecodeeditor.php' File Upload Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networks Gmb...
Tecnick TCExam < 10.1.012 File Upload Vulnerability - Active Check
Tecnick TCExam is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tecnick:tcexam";...
Tecnick TCExam Detection (HTTP)
HTTP based detection of Tecnick TCExam. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.800792";...
CVE-2010-2153
Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...
Unrestricted file upload
Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...
CVE-2010-2153
Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...
CVE-2010-2153
Affected software: TCExam (versions 10.1.006 and 10.1.007). Vulnerable component: admin/code/tce_functions_tcecode_editor.php. Root cause / vulnerability type: Unrestricted file upload allowing an uploaded file with an executable extension to be stored and then accessed via a direct request to th...
TCExam 10.1.006 Shell Upload
============================================================================================================ //\ /\ /\ /\ /\ /\ ///\ //\ /\ /\///\ // \ // //\ \ / //\ \ / // //\ \ /\\ \ \ \ / / / / // \ \ // // // // \ // //\ \\ \ // /// \ \ / \ / // / // / / / / / \ \ / / / ...
TCExam 10.1.7 - admincodetce_functions_tcecode_editor.php Arbitrary File Upload
TCExam 10.1.7 - admincodetcefunctionstcecodeeditor.php Arbitrary File Upload source: https://www.securityfocus.com/bid/40511/info TCExam is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied inpu...
TCExam 10.1.7 - '/admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/40511/info TCExam is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and ru...
Sql injection
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2007-6288
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2007-6288
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2007-6288
CVE-2007-6288 affects TCExam prior to 5.1.000 and involves multiple SQL injection vulnerabilities. The underlying issue is injection in SQL queries, allowing remote attackers to run arbitrary SQL via unspecified vectors. Reported impact per the entry indicates partial confidentiality, integrity, ...
tcexam-inject.txt
resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // read data from cache requireonce$this-cachefile; $this-resource = $tmx; else if !empty$this-cachefile // open cache file...
CVE-2007-2431
Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...
CVE-2007-2430
shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...