PT-2026-25541

A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce edit group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly...

EUVD-2012-4182

Malware in sbrugna...

EUVD-2007-2425

Malware in sbrugna...

EUVD-2007-2426

Malware in sbrugna...

EUVD-2020-26904

Malware in sbrugna...

EUVD-2018-5365

Malware in sbrugna...

EUVD-2021-7568

Malicious code in bioql PyPI...

EUVD-2021-7573

Malicious code in bioql PyPI...

EUVD-2021-7569

Malicious code in bioql PyPI...

EUVD-2021-7572

Malicious code in bioql PyPI...

CVE-2021-20116

A reflected cross-site scripting vulnerability exists in TCExam = 14.8.4. The paths provided in the f, d, and dir parameters in tceselectmediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious lin...

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious javascript payload which would b...

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...

CVE-2020-5751

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted operator...

CVE-2020-5743

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission...

CVE-2020-5744

Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk...

CVE-2020-5747

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...

CVE-2010-2153

Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...

CVE-2012-4238

Cross-site scripting XSS vulnerability in admin/code/tceeditanswer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the questionsubjectid parameter...

CVE-2011-3806

TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tcepagefooter.php and certain other files...