CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2006-1354
https://notcve.org/view.php?id=CVE-2006-1354
22 Mar 2006 — Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2005-4744
https://notcve.org/view.php?id=CVE-2005-4744
31 Dec 2005 — Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, a... • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4745
https://notcve.org/view.php?id=CVE-2005-4745
31 Dec 2005 — SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://www.debian.org/security/2006/dsa-1145 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2005-4746
https://notcve.org/view.php?id=CVE-2005-4746
31 Dec 2005 — Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". • http://www.debian.org/security/2006/dsa-1145 •