Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2018-02-21 | 7.5 HIGH | 9.8 CRITICAL |
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | |||||
CVE-2011-4069 | 1 Packetfence | 1 Packetfence | 2018-02-21 | 7.5 HIGH | 9.8 CRITICAL |
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | |||||
CVE-2012-4740 | 1 Packetfence | 1 Packetfence | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4741 | 1 Packetfence | 1 Packetfence | 2017-08-28 | 5.0 MEDIUM | N/A |
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. | |||||
CVE-2012-4742 | 1 Packetfence | 1 Packetfence | 2012-09-02 | 7.5 HIGH | N/A |
The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. |