
6262 matches found

OSV
added 2022/07/15 12:0 a.m., 33 views

CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

CVSS 10 | AI score 8.9 | EPSS 0.20053
Exploits 3 | References 5

ALT Linux
added 2022/07/14 12:0 a.m., 205 views

Security fix for the ALT Linux 10 package nginx version 1.22.0-alt1

1.22.0-alt1 built July 14, 2022 Anton Farygin in task 303520 --- July 12, 2022 Anton Farygin - 1.22.0 Fixes: CVE-2021-3618...

CVSS 5.8 | AI score 3.7 | EPSS 0.02037
Exploits 0

0day.today
added 2022/07/11 12:0 a.m., 1636 views

Nginx 1.20.0 - Denial of Service Exploit

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bionic CVE:...

CVSS 7.7 | AI score 0.1 | EPSS 0.52838
Exploits 10

Packet Storm
added 2022/07/11 12:0 a.m., 1420 views

Nginx 1.20.0 Denial Of Service

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Date: 2022-6-29 Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bion...

CVSS 7.7 | EPSS 0.52838
Exploits 10

Exploit DB
added 2022/07/11 12:0 a.m., 1792 views

Nginx 1.20.0 - Denial of Service (DOS)

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Date: 2022-6-29 Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bion...

CVSS 7.7 | AI score 6.9 | EPSS 0.52838
Exploits 10

Prion
added 2022/07/08 8:15 p.m., 22 views

Remote code execution

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the...

CVSS 10 | AI score 9.5 | EPSS 0.90387
Exploits 15 | References 6 | Affected Software 1

Hacker One
added 2022/07/08 1:48 p.m., 25 views

Node.js: Off-by-slash vulnerability in nodejs.org and iojs.org

Summary: Configuration files for Nginx in nodejs/build repository have multiple off-by-slash misconfigurations. Because nodejs.org and iojs.org are deployed using those files, it is possible for an attacker to gain access to unexpected directories. This report is not related to nodejs/node...

AI score 1.6
Exploits 0

CVE
added 2022/07/08 12:0 a.m., 254 views

CVE-2022-31137

CVE-2022-31137 affects Roxy-WI prior to 6.1.1.0. A remote code execution vulnerability exists where system commands can be executed via the subprocess_execute function in /app/options.py without proper input validation, and attackers can exploit it without authentication. The issue is mitigated b...

CVSS 10 | AI score 9.6 | EPSS 0.90387
In wild | Exploits 15 | References 6 | Affected Software 1

RedhatCVE
added 2022/07/07 9:49 p.m., 36 views

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVSS 7.3 | AI score 0.7 | EPSS 0.01688
Exploits 1 | References 3

NVD
added 2022/07/06 6:15 p.m., 15 views

CVE-2022-31125

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi version...

CVSS 10 | EPSS 0.15929
Exploits 3 | References 2

Prion
added 2022/07/06 6:15 p.m., 19 views

Design/Logic Flaw

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to achieve code execution by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before...

CVSS 7.5 | AI score 9.6 | EPSS 0.40984
Exploits 3 | References 1 | Affected Software 1

CVE
added 2022/07/06 5:30 p.m., 105 views

CVE-2022-31126

CVE-2022-31126 affects Roxy-wi prior to 6.1.1.0. The Nuclei template confirms remote code execution via the vulnerable path, with commands executed through the application logic (ssh_command) in /app/funct.py, enabling an unauthenticated attacker to run arbitrary code on the target. Exploitation ...

CVSS 10 | AI score 9.6 | EPSS 0.40984
In wild | Exploits 3 | References 1 | Affected Software 1

OpenVAS
added 2022/07/06 12:0 a.m., 11 views

Fedora: Security Advisory for goloris (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.05994
Exploits 4 | References 2

BDU FSTEC
added 2022/07/06 12:0 a.m., 3 views

The vulnerability of the njs_array_prototype_sort() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njs_array_prototype_sort() function in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8 | AI score 6.4 | EPSS 0.00384
Exploits 1 | References 5 | Affected Software 1

BDU FSTEC
added 2022/07/06 12:0 a.m., 2 views

The vulnerability of the njs_value_own_enumerate() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njs_value_own_enumerate() function in the njs interpreter of the nginx server is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8 | AI score 6.4 | EPSS 0.00384
Exploits 1 | References 5 | Affected Software 1

BDU FSTEC
added 2022/07/06 12:0 a.m., 5 views

The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server is related to the issue of operations going beyond the buffer in memory when input data is not properly cleared. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8 | AI score 6.2 | EPSS 0.0028
Exploits 0 | References 5 | Affected Software 1

Fedora
added 2022/07/04 1:35 a.m., 16 views

[SECURITY] Fedora 36 Update: goloris-0-0.6.20200326gita59fafb.fc36

Slowloris for NGINX DoS. Written in go...

CVSS 9.3 | AI score 8.2 | EPSS 0.05994
Exploits 4

GithubExploit
added 2022/06/30 4:39 a.m., 1830 views

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017-PoC pip install -r requirements.txt pytho...

CVSS 7.7 | AI score 7 | EPSS 0.52838
Exploits 10

Prion
added 2022/06/27 9:15 p.m., 15 views

Design/Logic Flaw

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVSS 6.4 | AI score 6.5 | EPSS 0.01688
Exploits 1 | References 11 | Affected Software 1

UbuntuCve
added 2022/06/27 9:15 p.m., 32 views

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVSS 7.3 | AI score 6.7 | EPSS 0.01688
Exploits 1 | References 8