6266 matches found
CVE-2023-25802
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
Design/Logic Flaw
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
Directory traversal
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
CVE-2023-25802
CVE-2023-25802 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache, and Keepalived. The issue is a path traversal vulnerability in versions prior to 6.3.6.0, where the application does not correctly neutralize dir/../filename sequences (for example /etc/nginx/../passwd), enabling...
CVE-2023-25802 Roxy-WI has Path Traversal vulnerability
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
CVE-2023-25802 Roxy-WI has Path Traversal vulnerability
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
Roxy-WI Path Traversal Vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0. An attacker can exploit this vulnerability to read arbitrary files on the server running the application...
Roxy-WI Security Vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A security vulnerability exists in Roxy-WI versions prior to 6.3.6.0. An attacker can exploit the vulnerability to obtain information about the server...
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
Nginx Cloud Storage HTTP Splitting
The scanner has detected that the Nginx configuration has a location directive specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows an attacker to change the cloud storage instance that is queried. It is...
Nginx Missing Root Location
The scanner has detected that the Nginx installation does not have a directive for the root location '/'. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Nginx SSI Variable Injection
The scanner has detected that, in the installed Nginx instance, user input is being treated as an Nginx variable. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Nginx Off-By-Slash
When an Nginx directive does not end with a slash, it is possible to traverse one step up. This incorrect configuration could allow an attacker to read files stored outside the target folder. No source data...
Fedora 36 : perl-HTTP-Daemon (2023-c230cc08c4)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c230cc08c4 advisory. 6.16 2023-02-24 03:07:14Z - Bump LWP::UserAgent to 6.37 in TestSuggests GH65 Olaf Alders 6.15 2023-02-22 22:02:46Z - Fix CVE-2022-31081: Inconsistent...
Debian: Security Advisory (DLA-404-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-1920-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-55-1)
The remote host is missing an update for the Debian...
Fedora 37 : perl-HTTP-Daemon (2023-424636c7cb)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-424636c7cb advisory. 6.16 2023-02-24 03:07:14Z - Bump LWP::UserAgent to 6.37 in TestSuggests GH65 Olaf Alders ---- 6.15 2023-02-22 22:02:46Z Fix CVE-2022-31081: Inconsistent...
A vulnerability in the NGINX configuration of the Discourse mailing list management software allows an attacker to cause a service failure.
The vulnerability in the NGINX configuration of the Discourse mailing list management system is related to improper cleanup or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...