Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting
Exploit Title: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting; Exploit Author: Vulnerability-Lab; Date: 2020-11-12; Vendor Homepage: https://froxlor.org/; Software Link: https://froxlor.org/download/; Version: 0.10.16; Document Title: Froxlor v0.10.16 ...
Froxlor 0.10.16 Cross Site Scripting
Document Title: Froxlor v0.10.16 CP - Customer Persistent Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2241; Release Date: 2020-11-12; Vulnerability Laboratory ID (VL-ID): ...
Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability
Document Title: Froxlor v0.10.16 CP - Customer Persistent Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2241; Release Date: 2020-11-12; Vulnerability Laboratory ID (VL-ID): ...
Arbitrary Code Execution
froxlor/froxlor is vulnerable to arbitrary code execution. The backupExistingDatabase in install/lib/class.FroxlorInstall.php allows remote attackers with access to the installation routine to execute arbitrary code due to the unescaped database configuration options being passed to exec...
Information Disclosure
froxlor/froxlor is vulnerable to information disclosure. The application creates files with static names in /tmp during installation if the installation directory is not writable. This allows local attackers to retrieve confidential information out of the configuration files...
Froxlor Information Disclosure Vulnerability
Froxlor is a server administration control panel that can be used to manage multi-user or shared servers. An information disclosure vulnerability exists in Froxlor version 0.10.15 and earlier. The vulnerability stems from the installer writing configuration parameters, including passwords, to a...
Froxlor Remote Code Execution Vulnerability
Froxlor is a server administration control panel that can be used to manage multi-user or shared servers. A remote code execution vulnerability exists in Froxlor versions prior to 0.10.14. A remote attacker can exploit this vulnerability to execute arbitrary code via database configuration option...
Froxlor Denial of Service and Information Disclosure Vulnerability
Froxlor is a server administration control panel that can be used to manage multi-user or shared servers. A denial of service and information disclosure vulnerability exists in Froxlor versions prior to 0.10.14. The vulnerability stems from the fact that Froxlor creates files with static names in...
CVE-2020-10235
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
CVE-2020-10236
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...
CVE-2020-10237
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time,...
Design/Logic Flaw
An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...
Code injection
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of backupExistingDatabase in install/lib/class.FroxlorInstall.php...
Design/Logic Flaw
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time,...
CVE-2020-10235
Froxlor before 0.10.14 is affected. The issue arises because database configuration options are passed unescaped to exec via _backupExistingDatabase in install/lib/class.FroxlorInstall.php, allowing remote attackers with access to the installation routine to execute arbitrary code. Impact is remo...