| CVE-2016-5100 |
critical |
9.8 |
9.8 |
9y ago |
Froxlor guessable password reset token |
|
| CVE-2026-41228 |
unknown |
— |
— |
1mo ago |
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution |
|
| CVE-2026-41229 |
unknown |
— |
— |
1mo ago |
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) |
|
| CVE-2026-41230 |
unknown |
— |
— |
1mo ago |
Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() |
|
| CVE-2026-41231 |
unknown |
— |
— |
1mo ago |
Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron |
|
| CVE-2026-41232 |
unknown |
— |
— |
1mo ago |
Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing |
|
| CVE-2026-41233 |
unknown |
— |
— |
1mo ago |
Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() |
|
| CVE-2026-30932 |
unknown |
— |
— |
2mo ago |
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API |
|
| CVE-2026-26279 |
unknown |
— |
— |
3mo ago |
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection |
|
| CVE-2025-48958 |
unknown |
— |
— |
1y ago |
Froxlor has an HTML Injection Vulnerability |
|
| CVE-2025-29773 |
unknown |
— |
— |
1y ago |
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover |
|
| CVE-2024-34070 |
unknown |
— |
— |
2y ago |
Blind XSS Leading to Froxlor Application Compromise |
|
| CVE-2023-50256 |
unknown |
— |
— |
2y ago |
Froxlor username/surname AND company field Bypass |
|
| CVE-2023-6069 |
unknown |
— |
— |
3y ago |
Froxlor Improper Input Validation vulnerability |
|
| CVE-2023-4829 |
unknown |
— |
— |
3y ago |
Cross-site Scripting (XSS) in froxlor/froxlor |
|
| CVE-2023-5564 |
unknown |
— |
— |
3y ago |
Cross-site Scripting (XSS) in froxlor/froxlor |
|
| CVE-2023-4304 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to business logic errors |
|
| CVE-2023-3668 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Improper Encoding or Escaping of Output |
|
| CVE-2023-3192 |
unknown |
— |
— |
3y ago |
Froxlor Session Fixation vulnerability |
|
| CVE-2023-3173 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts |
|
| CVE-2023-3172 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Path Traversal |
|
| CVE-2023-2666 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling |
|
| CVE-2023-2034 |
unknown |
— |
— |
3y ago |
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type |
|
| CVE-2023-1307 |
unknown |
— |
— |
3y ago |
Froxlor is vulnerable to authentication bypass |
|
| CVE-2023-1033 |
unknown |
— |
— |
3y ago |
Froxlor Cross-Site Request Forgery vulnerability |
|
| CVE-2023-0877 |
unknown |
— |
— |
3y ago |
Code Injection in froxlor/froxlor |
|
| CVE-2023-0671 |
unknown |
— |
— |
3y ago |
froxlor is vulnerable to privilege escalation from customer to root via directory-options |
|
| CVE-2023-0566 |
unknown |
— |
— |
3y ago |
Froxlor contains Static Code Injection |
|
| CVE-2023-0565 |
unknown |
— |
— |
3y ago |
Froxlor contains Business Logic Errors |
|
| CVE-2023-0572 |
unknown |
— |
— |
3y ago |
Froxlor contains Unchecked Error Condition |
|
| CVE-2023-0564 |
unknown |
— |
— |
3y ago |
Froxlor contains Weak Password Requirements |
|
| CVE-2023-0316 |
unknown |
— |
— |
3y ago |
Froxlor is vulnerable to path traversal |
|
| CVE-2023-0315 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Command Injection |
|
| CVE-2022-4868 |
unknown |
— |
— |
3y ago |
Froxlor Improper Authorization vulnerability |
|
| CVE-2022-4867 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Cross-Site Request Forgery |
|
| CVE-2022-4864 |
unknown |
— |
— |
3y ago |
Froxlor vulnerable to Argument Injection |
|
| CVE-2022-3869 |
unknown |
— |
— |
4y ago |
Froxlor vulnerable to code injection |
|
| CVE-2022-3721 |
unknown |
— |
— |
4y ago |
Froxlor vulnerable to Code Injection |
|
| CVE-2022-3017 |
unknown |
— |
— |
4y ago |
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) |
|
| CVE-2020-28957 |
unknown |
— |
— |
4y ago |
Foxlor cross-site scripting (XSS) vulnerability |
|
| CVE-2021-42325 |
unknown |
— |
— |
4y ago |
Froxlor SQL injection vulnerability |
|
| CVE-2020-10237 |
unknown |
— |
— |
4y ago |
Froxlor Exposure of Sensitive Information to an Unauthorized Actor |
|
| CVE-2020-10236 |
unknown |
— |
— |
4y ago |
Froxlor Information Disclosure |
|
| CVE-2020-10235 |
unknown |
— |
— |
4y ago |
Froxlor arbitrary code execution via the database configuration options |
|
| CVE-2018-12642 |
unknown |
— |
— |
4y ago |
Froxlor Incorrect Access Control |
|
| CVE-2018-1000527 |
unknown |
— |
— |
4y ago |
Froxlor PHP Object Injection vulnerability |
|
| CVE-2020-29653 |
unknown |
— |
— |
4y ago |
HTML Injection in Froxlor |
|