| CVE-2016-5100 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Froxlor guessable password reset token |
| CVE-2023-0315 |
unknown |
— |
1.0 |
|
|
|
3y ago |
Froxlor vulnerable to Command Injection |
| CVE-2021-42325 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Froxlor SQL injection vulnerability |
| CVE-2026-41234 |
unknown |
— |
— |
|
|
|
5h ago |
Froxlor: BIND Zone File Injection via TXT Record Content |
| CVE-2026-41237 |
unknown |
— |
— |
|
|
|
5d ago |
Froxlor has an incomplete fix for CVE-2026-30932 |
| CVE-2026-41236 |
unknown |
— |
— |
|
|
|
5d ago |
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path |
| CVE-2026-41235 |
unknown |
— |
— |
|
|
|
5d ago |
Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement |
| CVE-2026-41228 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution |
| CVE-2026-41229 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) |
| CVE-2026-41230 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() |
| CVE-2026-41231 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron |
| CVE-2026-41232 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing |
| CVE-2026-41233 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() |
| CVE-2026-30932 |
unknown |
— |
— |
|
|
|
2mo ago |
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API |
| CVE-2026-26279 |
unknown |
— |
— |
|
|
|
3mo ago |
Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection |
| CVE-2025-48958 |
unknown |
— |
— |
|
|
|
1y ago |
Froxlor has an HTML Injection Vulnerability |
| CVE-2025-29773 |
unknown |
— |
— |
|
|
|
1y ago |
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover |
| CVE-2024-34070 |
unknown |
— |
— |
|
|
|
2y ago |
Blind XSS Leading to Froxlor Application Compromise |
| CVE-2023-50256 |
unknown |
— |
— |
|
|
|
2y ago |
Froxlor username/surname AND company field Bypass |
| CVE-2023-6069 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor Improper Input Validation vulnerability |
| CVE-2023-4829 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in froxlor/froxlor |
| CVE-2023-5564 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in froxlor/froxlor |
| CVE-2023-4304 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor vulnerable to business logic errors |
| CVE-2023-3668 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor vulnerable to Improper Encoding or Escaping of Output |
| CVE-2023-3192 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor Session Fixation vulnerability |
| CVE-2023-3172 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor vulnerable to Path Traversal |
| CVE-2023-3173 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-2666 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling |
| CVE-2023-2034 |
unknown |
— |
— |
|
|
|
3y ago |
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type |
| CVE-2023-1307 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor is vulnerable to authentication bypass |
| CVE-2023-1033 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor Cross-Site Request Forgery vulnerability |
| CVE-2023-0877 |
unknown |
— |
— |
|
|
|
3y ago |
Code Injection in froxlor/froxlor |
| CVE-2023-0671 |
unknown |
— |
— |
|
|
|
3y ago |
froxlor is vulnerable to privilege escalation from customer to root via directory-options |
| CVE-2023-0566 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor contains Static Code Injection |
| CVE-2023-0565 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor contains Business Logic Errors |
| CVE-2023-0572 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor contains Unchecked Error Condition |
| CVE-2023-0564 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor contains Weak Password Requirements |
| CVE-2023-0316 |
unknown |
— |
— |
|
|
|
3y ago |
Froxlor is vulnerable to path traversal |
| CVE-2022-4868 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor Improper Authorization vulnerability |
| CVE-2022-4867 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor vulnerable to Cross-Site Request Forgery |
| CVE-2022-4864 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor vulnerable to Argument Injection |
| CVE-2022-3869 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor vulnerable to code injection |
| CVE-2022-3721 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor vulnerable to Code Injection |
| CVE-2022-3017 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2020-28957 |
unknown |
— |
— |
|
|
|
4y ago |
Foxlor cross-site scripting (XSS) vulnerability |
| CVE-2020-10237 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2020-10236 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor Information Disclosure |
| CVE-2020-10235 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor arbitrary code execution via the database configuration options |
| CVE-2018-12642 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor Incorrect Access Control |
| CVE-2018-1000527 |
unknown |
— |
— |
|
|
|
4y ago |
Froxlor PHP Object Injection vulnerability |
| CVE-2020-29653 |
unknown |
— |
— |
|
|
|
4y ago |
HTML Injection in Froxlor |
