3 matches found
TekRADIUS SQL注入及不安全权限漏洞
CVECAN ID: CVE-2009-2357,CVE-2009-2358,CVE-2009-2359 TekRadius是一个免费的RADIUS服务器,可以支持RFC 2865和RFC 2866规范。 1 TekRADIUS的默认配置使用sa账号与Microsoft SQL Server通讯,远程攻击者可以相对较容易的获得对数据库的特权访问。 2 TekRADIUS将数据库凭据存储在了C:\Program Files\TekRADIUS\TekRADIUS.ini文件中。任何Windows本地用户都可以访问这个文件,读取加密了的凭据。 3...
CVE-2009-2359
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via 1 the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or 2 the command-line client, as demonstrated by a certain trcli -r command...
CVE-2009-2359
TekRADIUS 3.0 suffers multiple SQL injection vulnerabilities that allow an attacker to run arbitrary SQL commands via the GUI (Browse Users) or the command-line client (trcli -r). The issue is confirmed in CVE-2009-2359 with impact described as ability to execute arbitrary SQL against the databas...