19 matches found
EUVD-2009-2353
Malware in sbrugna...
EUVD-2009-2355
Malware in sbrugna...
EUVD-2009-2354
Malware in sbrugna...
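TekRADIUS SQL Injection and Insecure Permissions Vulnerabilities
CVECAN ID: CVE-2009-2357, CVE-2009-2358, CVE-2009-2359 TekRadius is a free RADIUS server that supports the RFC 2865 and RFC 2866 specifications. (1) The default configuration of TekRADIUS uses the sa account to communicate with Microsoft SQL Server, so remote attackers can relatively easily obtain privileged access to the database. (2) TekRADIUS stores its database credentials in the file C:\Program Files\TekRADIUS\TekRADIUS.ini. Any local Windows user can access this file and read the encrypted credentials. (3)...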
CVE-2009-2358
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...
Sql injection
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command...
Design/Logic Flaw
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...
CVE-2009-2357
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...
Default configuration
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...
CVE-2009-2359
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command...
CVE-2009-2357
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...
CVE-2009-2358
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...
CVE-2009-2358
TekRADIUS 3.0 stores database credentials in TekRADIUS.ini. The file is readable with BUILTIN\Users:R permissions, enabling any local Windows user to read obfuscated credentials. This is a local-read confidentiality risk; no exploit details or patches are provided in the connected documents. The ...
CVE-2009-2359
TekRADIUS 3.0 suffers multiple SQL injection vulnerabilities that allow an attacker to run arbitrary SQL commands via the GUI (Browse Users) or the command-line client (trcli -r). The issue is confirmed in CVE-2009-2359 with impact described as ability to execute arbitrary SQL against the databas...
CVE-2009-2357
TekRADIUS 3.0 is affected: its default configuration communicates with Microsoft SQL Server using the sa account, enabling remote attackers to obtain privileged database and Windows OS access. The Seebug entry also notes that TekRADIUS stores DB credentials in C:\Program Files\TekRADIUS\TekRADIUS...
CVE-2009-2359
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command...
Medium security hole in TekRADIUS
Hi, I've identified a couple of security flaws affecting the TekRADIUS radius server for Windows which may allow privilege escalation. These issues were reported by email to the vendor and have I believe been resolved. Tim -- Tim Brown mailto:[email protected]...
TekRADIUS privilege escalation
No description provided...
TekRADIUS Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20090412 Date: 12th April 2009 Author: Tim Brown URL: / Product: TekRADIUS 3.0 Vendor: Yasin KAPLAN Risk: Medium Summary This advisory comes in 3 related parts: 1 By default, TekRADIUS connects to SQL Server as the ...