Design/Logic Flaw

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVE-2016-5100

Summary: CVE-2016-5100 affects Froxlor prior to 0.9.35, where the code uses PHP’s rand() for random number generation, enabling a remote attacker to predict password reset tokens. The issue is documented across multiple advisories and security entries (openSUSE/OpenSUSE-SU-2021:0415/0450, GHSA-GH...

CVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

openSUSE Security Update : froxlor (openSUSE-2015-636)

froxlor was updated to version 0.9.34 bnc846355, fixing bugs and bringing features. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-636. The text description of this plugin is C...

Froxlor 'class.Database.php' Information Disclosure Vulnerability

Froxlor is a web-based version of the server backend control panel developed by the Froxlor team, which supports a wide range of servers such as Apache, Lighttpd and Nginx. An information disclosure vulnerability exists in Froxlor. An attacker can exploit this vulnerability to gain access to...

FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)

[email protected] reports : An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...

Froxlor 0.9.33.1 MySQL Login Disclosure Vulnerability

Froxlor server management panel versions 0.9.33.1 and below suffer from a MySQL login information disclosure vulnerability. ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosur...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

Exploit for php platform in category web applications ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage:...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...

Froxlor 0.9.33.1 MySQL Login Disclosure

------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dörr Vendor Homepage: https://www.froxlor.org/ Version:...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dör...

Froxlor Detection (HTTP)

HTTP based detection of Froxlor. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.106035";...

Froxlor Information Disclosure Vulnerability - Active Check

Froxlor is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:froxlor:froxlor"; if...

froxlor -- database password information leak

[email protected] reports: An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...

Froxlor 0.9.15 - Remote File Inclusion Vulnerbility

No description provided by source...

Froxlor v 0.9.15 Remote File Inclusion Vulnerbility

Exploit for php platform in category web applications Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email :...

Froxlor 0.9.15 Remote File Inclusion

Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier : customerftp.php...

Froxlor 0.9.15 - Remote File Inclusion

Froxlor 0.9.15 - Remote File Inclusion Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier :...