Author: Cyberthreat Blog

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the...

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from “SEND data” log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from “Switch Info” log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.