Home/Product/tecnick tcexam
Product

tecnick tcexam

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-6554
< 15.1.0
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possibl
6.5MEDIUM
 CVE-2021-20116
<= 14.8.4
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in t
6.1MEDIUM
 CVE-2021-20115
<= 14.8.3
A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in t
6.1MEDIUM
 CVE-2021-20114
<= 14.8.1
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/bac
7.5HIGH
 CVE-2021-20113
<= 14.8.1
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email a
5.3MEDIUM
 CVE-2021-20112
<= 14.8.1
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a f
5.4MEDIUM
 CVE-2021-20111
<= 14.8.1
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filena
5.4MEDIUM
 CVE-2020-5751
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripti
5.4MEDIUM
 CVE-2020-5750
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scrip
6.1MEDIUM
 CVE-2020-5749
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripti
5.4MEDIUM
 CVE-2020-5748
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scrip
6.1MEDIUM
 CVE-2020-5747
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripti
5.4MEDIUM
 CVE-2020-5746
all versions
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripti
5.4MEDIUM
 CVE-2020-5745
all versions
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitima
7.4HIGH
 CVE-2020-5744
all versions
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
4.9MEDIUM
 CVE-2020-5743
all versions
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for whic
4.3MEDIUM
 CVE-2018-13422
< 14.1.2
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
6.1MEDIUM
 CVE-2012-4602
<= 11.3.008
Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.00
 CVE-2012-4601
<= 11.3.008
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or gre
 CVE-2012-4238
<= 11.3.007
Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated u
 CVE-2012-4237
<= 11.3.007
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissi
 CVE-2011-3806
all versions
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the ins
 CVE-2010-2153
all versions
Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remot
 CVE-2007-6288
<= 5.1.000
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspe
 CVE-2007-2431
<= 4.0.011
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to
 CVE-2007-2430
<= 4.0.011
shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing f
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh