Search
Find a vulnerability
Search criteria
6 vulnerabilities by yasinkaplan
CVE-2009-2359 (GCVE-0-2009-2359)
Vulnerability from nvd – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2359",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2358 (GCVE-0-2009-2358)
Vulnerability from nvd – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TekRADIUS 3.0 uses BUILTIN\\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TekRADIUS 3.0 uses BUILTIN\\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2358",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2357 (GCVE-0-2009-2357)
Vulnerability from nvd – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2357",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2359 (GCVE-0-2009-2359)
Vulnerability from cvelistv5 – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2359",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2358 (GCVE-0-2009-2358)
Vulnerability from cvelistv5 – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TekRADIUS 3.0 uses BUILTIN\\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TekRADIUS 3.0 uses BUILTIN\\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2358",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2357 (GCVE-0-2009-2357)
Vulnerability from cvelistv5 – Published: 2009-07-07 23:00 – Updated: 2024-08-07 05:44
VLAI
EPSS
VEX
Summary
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1816 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/504740/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.nth-dimension.org.uk/utils/get.php?dow… | x_refsource_MISC |
Date Public
2009-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1816"
},
{
"name": "20090706 Medium security hole in TekRADIUS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded"
},
{
"name": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2357",
"datePublished": "2009-07-07T23:00:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:56.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}