froxlor/froxlor Security Advisories for 2.0.4 (21)
- [HIGH] Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
  PKSA-yp36-zcg2-t1x4 GHSA-34qg-65m4-f23m
  Affected version: <=2.2.0-rc3
  Reported by: GitHub
- [CRITICAL] Blind XSS Leading to Froxlor Application Compromise
  PKSA-2bvk-dn1k-jgtg CVE-2024-34070 GHSA-x525-54hf-xr53
  Affected version: <2.1.9
  Reported by: GitHub
- [HIGH] Froxlor username/surname AND company field Bypass
  PKSA-94d1-2fmr-db7c CVE-2023-50256 GHSA-625g-fm5w-w7w4
  Affected version: <=2.1.1
  Reported by: GitHub
- [CRITICAL] Froxlor Improper Input Validation vulnerability
  PKSA-mhbb-j5t7-nknm CVE-2023-6069 GHSA-4jch-8qq5-hqg6
  Affected version: <2.1.0-beta1
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting (XSS) in froxlor/froxlor
  PKSA-7ypx-w6wf-3q58 CVE-2023-4829 GHSA-cvwv-h85m-w37h
  Affected version: <2.0.22
  Reported by: GitHub
- [LOW] Froxlor vulnerable to business logic errors
  PKSA-g52h-rdch-wgq3 CVE-2023-4304 GHSA-9rmf-6qgj-g3wj
  Affected version: <2.0.22
  Reported by: GitHub
- [CRITICAL] Froxlor vulnerable to Improper Encoding or Escaping of Output
  PKSA-65v9-z1rw-mzb5 CVE-2023-3668 GHSA-c6v5-pf66-xfq8
  Affected version: <2.0.21
  Reported by: GitHub
- [MEDIUM] Froxlor Session Fixation vulnerability
  PKSA-t6cp-pc2s-dd4x CVE-2023-3192 GHSA-jr66-9ghf-6gp3
  Affected version: <2.1.0
  Reported by: GitHub
- [HIGH] Froxlor vulnerable to Path Traversal
  PKSA-23qg-5ycx-pktz CVE-2023-3172 GHSA-ghqq-jfx7-f6m9
  Affected version: <2.0.20
  Reported by: GitHub
- [CRITICAL] Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
  PKSA-hccz-hs29-mqsx CVE-2023-3173 GHSA-chw4-88xc-79w6
  Affected version: <2.0.20
  Reported by: GitHub
- [MEDIUM] Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
  PKSA-h83c-h2wd-ddkg CVE-2023-2666 GHSA-4gm9-c9jq-g523
  Affected version: <2.0.16
  Reported by: GitHub
- [CRITICAL] froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
  PKSA-prs9-yg3j-g3kv CVE-2023-2034 GHSA-qwvp-g9j7-28f6
  Affected version: <2.0.14
  Reported by: GitHub
- [CRITICAL] Froxlor is vulnerable to authentication bypass
  PKSA-6y4z-4r8g-7cfk CVE-2023-1307 GHSA-j83x-r9qq-9g4v
  Affected version: <2.0.13
  Reported by: GitHub
- [HIGH] Froxlor Cross-Site Request Forgery vulnerability
  PKSA-nq8y-v5xg-3rjj CVE-2023-1033 GHSA-p7qq-rrvw-x55x
  Affected version: <2.0.11
  Reported by: GitHub
- [HIGH] Code Injection in froxlor/froxlor
  PKSA-y2p5-gr81-xyk9 CVE-2023-0877 GHSA-vp4r-h765-5mwp
  Affected version: <2.0.11
  Reported by: GitHub
- [HIGH] froxlor is vulnerable to privilege escalation from customer to root via directory-options
  PKSA-xx8s-h9wz-676j CVE-2023-0671 GHSA-9fqc-9cpr-w73q
  Affected version: <2.0.10
  Reported by: GitHub
- [MEDIUM] Froxlor contains Static Code Injection
  PKSA-v72n-6cc8-sm8r CVE-2023-0566 GHSA-w7w4-qjgg-372x
  Affected version: <2.0.10
  Reported by: GitHub
- [MEDIUM] Froxlor contains Business Logic Errors
  PKSA-k44n-5k61-zjy7 CVE-2023-0565 GHSA-vqqm-c9gx-773q
  Affected version: <2.0.10
  Reported by: GitHub
- [MEDIUM] Froxlor contains Unchecked Error Condition
  PKSA-zmb6-7wzk-791q CVE-2023-0572 GHSA-3chw-8jq2-w769
  Affected version: <2.0.10
  Reported by: GitHub
- [HIGH] Froxlor contains Weak Password Requirements
  PKSA-q6wt-gpp7-cn4g CVE-2023-0564 GHSA-pm72-27mg-fc28
  Affected version: <2.0.10
  Reported by: GitHub
- [HIGH] Froxlor vulnerable to Command Injection
  PKSA-hx3h-bnnr-cggy CVE-2023-0315 GHSA-cp68-42pf-6627
  Affected version: <2.0.8
  Reported by: GitHub