Vulnerabilities > Froxlor

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2020-03-09 | CVE-2020-10237 | Race Condition vulnerability in Froxlor | An issue was discovered in Froxlor through 0.10.15. | local, low complexity, froxlor, CWE-362, 5.5 |
| 2020-03-09 | CVE-2020-10236 | Improper Input Validation vulnerability in Froxlor | An issue was discovered in Froxlor before 0.10.14. | local, low complexity, froxlor, CWE-20, 6.1 |
| 2020-03-09 | CVE-2020-10235 | Improper Encoding or Escaping of Output vulnerability in Froxlor | An issue was discovered in Froxlor before 0.10.14. | network, low complexity, froxlor, CWE-116, 8.8 |
| 2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor | Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. | network, low complexity, froxlor, CWE-502, 7.2 |
| 2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor | Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | network, low complexity, froxlor, CWE-732, 7.5 |
| 2017-09-06 | CVE-2015-5959 | Information Exposure vulnerability in Froxlor | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | network, low complexity, froxlor, CWE-200, critical, 9.8 |
| 2017-02-13 | CVE-2016-5100 | Use of Insufficiently Random Values vulnerability in Froxlor | Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | network, low complexity, froxlor, CWE-330, critical, 9.8 |