8 matches found
EUVD-2021-24639
Malware in sbrugna...
Roxy-WI Command Injection Vulnerability
Roxy-WI, the web interface for managing Haproxy, Nginx, and Keepalived servers, is vulnerable to command injection in versions 5.2.2.0 and earlier. An attacker can exploit this vulnerability to conduct command injection attacks via /app/funct.py and /api/apifunct.py...
Roxy-WI SQL Injection Vulnerability (CNVD-2021-61758)
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...
Command injection
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
CVE-2021-38168
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...
CVE-2021-38169
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
CVE-2021-38167
The CVE-2021-38167 issue affects Roxy-WI up to version 5.2.2.0, where a SQL Injection vulnerability in the check_login flow can allow an unauthenticated attacker to extract a valid uuid and bypass authentication. Affected component: Roxy-WI web interface; root cause: improper handling of login in...
CVE-2010-1599
The CVE-2010-1599 issue is a SQL injection in NKInFoWeb loadorder.php, affecting NKInFoWeb 2.5 and 5.2.2.0 via the id_sp parameter. Remote attackers could potentially execute arbitrary SQL commands through this parameter. The NVD entry lists a base score of 7.5 (High) with network attack vector a...