VYPR
Vendor

Packetfence

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2011-4069CriFeb 1, 2018
    risk 0.64cvss 9.8epss 0.02

    html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

  • CVE-2011-4068CriFeb 1, 2018
    risk 0.64cvss 9.8epss 0.02

    The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.

  • CVE-2012-4742Aug 31, 2012
    risk 0.00cvss epss 0.03

    The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-4741Aug 31, 2012
    risk 0.00cvss epss 0.01

    The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.

  • CVE-2012-4740Aug 31, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.