250 matches found
Directory traversal
shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...
Cross site scripting
Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...
CVE-2007-2431
Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...
CVE-2007-2430
shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...
CVE-2007-2430
CVE-2007-2430 affects TCExam 4.0.011 and earlier. The vulnerability is in shared/code/tce_tmx.php, where an attacker can create arbitrary PHP files in cache/ by placing crafted content and directory-traversal data into a SessionUserLang cookie that is processed by public/code/index.php. This indi...
CVE-2007-2431
TCExam 4.0.011 and earlier are affected by a dynamic variable evaluation vulnerability in shared/config/tce_config.php. The flaw allows remote XSS by modifying critical variables (notably $_SERVER) via _SERVER[SCRIPT_NAME], enabling script injection and related impact as described in the CVE entr...
TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit
No description provided by source. ?php printr' -------------------------------------------------------------------------- TCExam = 4.0.011 $COOKIE"SessionUserLang" shell injection exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org...
TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit
Exploit for unknown platform in category web applications =========================================================== TCExam resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // re...
TCExam 4.0.011 - 'SessionUserLang' Shell Injection
resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // read data from cache requireonce$this-cachefile; $this-resource = $tmx; else if !empty$this-cachefile // open cache file...
TCExam 4.0.011 - SessionUserLang Shell Injection
TCExam 4.0.011 - SessionUserLang Shell Injection resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // read data from cache requireonce$this-cachefile; $this-resource = $tmx; else i...