661 matches found

OSV
added 2023/02/17 3:30 a.m. | 12 views

GHSA-VP4R-H765-5MWP Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...

CVSS 8.8 | AI score 8.9 | EPSS 0.03928
Exploits: 1 | References: 4
Cvelist
added 2023/02/17 12:0 a.m. | 29 views

CVE-2023-0877 Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...

CVSS 9.1 | AI score 9.2 | EPSS 0.03928
Exploits: 1 | References: 2
Vulnrichment
added 2023/02/17 12:0 a.m. | 9 views

CVE-2023-0877 Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...

CVSS 9.1 | AI score 7.2 | EPSS 0.03928
Exploits: 1 | References: 2
CVE
added 2023/02/17 12:0 a.m. | 61 views

CVE-2023-0877

CVE-2023-0877 affects Froxlor prior to 2.0.11. Affected component: Froxlor software; vulnerability type: Code Injection (as described in multiple sources). Root cause details are not exhaustively described in the provided documents, but the CVE is reported with a Network attack vector and high im...

CVSS 9.1 | AI score 8.9 | EPSS 0.03928
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2023/02/17 12:0 a.m. | 17 views

CVE-2023-0877 Code Injection in froxlor/froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...

CVSS 9.1 | AI score 9.4 | EPSS 0.03928
Exploits: 1 | References: 4
CNNVD
added 2023/02/16 12:0 a.m. | 3 views

Froxlor Code Injection Vulnerability

Froxlor is a lightweight server management software from the Froxlor team. A code injection vulnerability exists in Froxlor versions prior to 2.0.11, which stems from the presence of code injection...

CVSS 9.1 | AI score 8.3 | EPSS 0.03928
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 5:1 a.m. | 2 views

SUSE CVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVSS 9.8 | AI score 7.1 | EPSS 0.01915
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 4:26 a.m. | 5 views

SUSE CVE-2018-12642

Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...

CVSS 7.5 | AI score 7.6 | EPSS 0.01398
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:19 a.m. | 4 views

SUSE CVE-2018-1000527

Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to...

CVSS 7.2 | AI score 7.5 | EPSS 0.02629
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:0 a.m. | 5 views

SUSE CVE-2020-10236

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:0 a.m. | 3 views

SUSE CVE-2020-10235

An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...

CVSS 8.8 | AI score 8.8 | EPSS 0.01682
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 4:0 a.m. | 4 views

SUSE CVE-2020-10237

An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time,...

CVSS 5.5 | AI score 5.3 | EPSS 0.00234
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:51 a.m. | 2 views

SUSE CVE-2020-29653

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags...

CVSS 6.1 | AI score 6.4 | EPSS 0.01409
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:37 a.m. | 2 views

SUSE CVE-2021-42325

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name...

CVSS 9.8 | AI score 9.6 | EPSS 0.11812
Exploits: 4 | References: 3
SUSE CVE
added 2023/02/15 3:32 a.m. | 2 views

SUSE CVE-2022-3017

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38...

CVSS 6.5 | AI score 4.8 | EPSS 0.00371
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. | 1 view

SUSE CVE-2023-0315

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...

CVSS 8.8 | AI score 7.5 | EPSS 0.97653
Exploits: 8 | References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. | 1 view

SUSE CVE-2023-0316

Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...

CVSS 6.8 | AI score 6.3 | EPSS 0.00729
Exploits: 2 | References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. | 1 view

SUSE CVE-2023-0564

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 7.5 | AI score 7.6 | EPSS 0.00455
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. | 3 views

SUSE CVE-2023-0565

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 5.5 | AI score 5 | EPSS 0.00562
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. | 2 views

SUSE CVE-2023-0572

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 5.3 | AI score 5.3 | EPSS 0.00667
Exploits: 1 | References: 3