72 matches found
Open redirect
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or 2 the wlan-url...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via 1 the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or 2 the wlan-url parameter to...
CVE-2014-1405
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or 2 the wlan-url...
CVE-2014-1408
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks...
CVE-2014-1408
The CVE-2014-1408 entry concerns the Conceptronic C54APM access point running code 1.26 that uses a default admin password, enabling remote access via HTTP and enabling stored XSS attacks. The vulnerability is tied to an insecure default credential in the admin account, exposing administrative co...
CVE-2014-1407
Multiple cross-site scripting XSS vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via 1 the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or 2 the wlan-url parameter to...
CVE-2014-1407
CVE-2014-1407 affects the Conceptronic C54APM access point running code version 1.26. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formW...
CVE-2014-1406
CVE-2014-1406: CRLF injection in goform/formWlSiteSurvey on Conceptronic C54APM (runtime 1.26) allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the submit-url parameter in a Refresh action. Documents identify the affected component and vulnerability...
CVE-2014-1405
Conceptronic C54APM access point running firmware 1.26 is affected by multiple open redirect vulnerabilities. An attacker can trigger redirects to arbitrary sites via two parameters: submit-url in the Refresh action to goform/formWlSiteSurvey, and wlan-url in goform/formWlanSetup. Impact is phish...
CVE-2014-1406
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action...
Conceptronic CIPCAMPTIWL 21.37.2.49 Cross Site Request Forgery
Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...
Multiple Conceptronic Products Directory Traversal Vulnerability (Sep 2012) - Active Check
Multiple Conceptronic products are prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Conceptronic Grab'n'Go Authorization Bypass
Exploit for php platform in category web applications Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability...
Conceptronic Grab'n'Go Authorization Bypass
Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability Type= Authorization Bypass...
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...
Conceptronic Grab’n’Go Network Storage Directory Traversal
Exploit for hardware platform in category web applications Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal...
Conceptronic Grab'n'Go Network Storage - Directory Traversal
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...
Conceptronic GrabnGo Network Storage - Directory Traversal
Conceptronic GrabnGo Network Storage - Directory Traversal Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability...
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
Updated to include Sitecom MD-253 and MD254 Minor textual changes == Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5, 2012 Vendor Notification: May 31, 2012 =Impact - System Access -...
Conceptronic Authentication Bypass
Conceptronic Grab’n’Go Network Storage and Sitecom Home Storage Center - Authentication Bypass Vulnerability in - AA-001 Severity Rating: High Discovery Date: May 5, 2012 Vendor Notification: May 31, 2012 =Impact - System Access - Exposure of sensitive information =Severity Rating Alcyon rates th...