Vulnerabilities > Freeradius > High

DATE CVE VULNERABILITY TITLE RISK
2008-10-07 CVE-2008-4474 Link Following vulnerability in Freeradius 2.0.4
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
local
low complexity
freeradius CWE-59
7.2
2006-03-22 CVE-2006-1354 Authentication Bypass vulnerability in FreeRADIUS EAP-MSCHAPv2
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
network
low complexity
freeradius
7.5
2005-12-31 CVE-2005-4746 RLM_SQLCounter Buffer Overflow vulnerability in Freeradius 1.0.3/1.0.4
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
network
low complexity
freeradius
7.8
2005-12-31 CVE-2005-4745 SQL Injection vulnerability in Freeradius 1.0.3/1.0.4
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
network
low complexity
freeradius
7.5
2005-05-19 CVE-2005-1455 Buffer Overflow vulnerability in Freeradius 1.0.2
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
network
low complexity
freeradius
7.5
2005-05-19 CVE-2005-1454 SQL Injection vulnerability in Freeradius 1.0.2
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
network
low complexity
freeradius
7.5
2002-03-04 CVE-2001-1376 Buffer Overflow vulnerability in Multiple Vendor RADIUS Digest Calculation
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
7.5