303 matches found
Roxy-WI 路径遍历漏洞
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0. An attacker can exploit this vulnerability to read arbitrary files on the server running the application...
PT-2023-2140 · Roxy-Wi · Roxy-Wi
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.3.5.0 Description: The issue is related to a limited path traversal vulnerability in the Roxy-WI web interface, which can be exploited by a remote attacker to gain unauthorized access to protected information. This...
VulnCheck KEV: CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in...
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...
The vulnerability of the subprocess_execute function in the web interface for managing Roxy-WI servers allows a hacker to execute arbitrary code.
The vulnerability of the subprocessexecute function in the Roxy-WI server management web interface exists because measures to neutralize special elements used in operating system commands are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Metasploit Weekly Wrap-Up
Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...
Roxy-WI Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...
Roxy-WI Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...
CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
Design/Logic Flaw
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
PT-2022-20576 · Haproxy +3 · Haproxy +3
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.1.1.0 Description: Roxy-WI is a Web interface for managing HAProxy, Nginx, and Keepalived servers. The system command can be run remotely via the subprocess execute function without processing the inputs received...
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
CVE-2022-31161
CVE-2022-31161 affects Roxy-WI prior to version 6.1.1.0, where the system command can be executed remotely through inputs handled in /app/options.py (notably via the subprocess_execute path). The issue enables unauthenticated remote code execution by abusing input handling (e.g., delcert/ssl_cert...
The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.
The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...
Remote code execution
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...
CVE-2022-31137 Unauthenticated Remote Code Execution in Roxy-WI
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...