Vulnerabilities > Freeradius > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-07 | CVE-2008-4474 | Link Following vulnerability in Freeradius 2.0.4 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | 7.2 |
2006-03-22 | CVE-2006-1354 | Authentication Bypass vulnerability in FreeRADIUS EAP-MSCHAPv2 Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. | 7.5 |
2005-12-31 | CVE-2005-4746 | RLM_SQLCounter Buffer Overflow vulnerability in Freeradius 1.0.3/1.0.4 Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | 7.8 |
2005-12-31 | CVE-2005-4745 | SQL Injection vulnerability in Freeradius 1.0.3/1.0.4 SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-05-19 | CVE-2005-1455 | Buffer Overflow vulnerability in Freeradius 1.0.2 Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | 7.5 |
2005-05-19 | CVE-2005-1454 | SQL Injection vulnerability in Freeradius 1.0.2 SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | 7.5 |
2002-03-04 | CVE-2001-1376 | Buffer Overflow vulnerability in Multiple Vendor RADIUS Digest Calculation Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. network low complexity ascend freeradius gnu icradius livingston lucent miquel-van-smoorenburg-cistron openradius radiusclient xtradius yard-radius yard-radius-project | 7.5 |