Lucene search
+L

303 matches found

CNNVD
CNNVD
added 2023/03/13 12:0 a.m.6 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0. An attacker can exploit this vulnerability to read arbitrary files on the server running the application...

7.5CVSS7.6AI score0.01206EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/02/15 12:0 a.m.7 views

PT-2023-2140 · Roxy-Wi · Roxy-Wi

Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.3.5.0 Description: The issue is related to a limited path traversal vulnerability in the Roxy-WI web interface, which can be exploited by a remote attacker to gain unauthorized access to protected information. This...

7.8CVSS5.3AI score0.00761EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in...

10CVSS8AI score0.90387EPSS
Exploits15References1
Metasploit
Metasploit
added 2022/08/29 6:2 p.m.878 views

Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE

This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...

5.5CVSS7.8AI score0.00651EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.9 views

The vulnerability of the subprocess_execute function in the web interface for managing Roxy-WI servers allows a hacker to execute arbitrary code.

The vulnerability of the subprocessexecute function in the Roxy-WI server management web interface exists because measures to neutralize special elements used in operating system commands are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.90387EPSS
Exploits15References6Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/07/29 8:32 p.m.349 views

Metasploit Weekly Wrap-Up

Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...

10CVSS10AI score0.90387EPSS
Exploits15
0day.today
0day.today
added 2022/07/26 12:0 a.m.779 views

Roxy-WI Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...

10CVSS8.4AI score0.90387EPSS
Exploits16
Packet Storm
Packet Storm
added 2022/07/26 12:0 a.m.826 views

Roxy-WI Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...

10CVSS0.2AI score0.90387EPSS
Exploits16
NVD
NVD
added 2022/07/15 9:15 p.m.65 views

CVE-2022-31161

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

10CVSS0.26819EPSS
Exploits3References3
Prion
Prion
added 2022/07/15 9:15 p.m.24 views

Design/Logic Flaw

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

7.5CVSS9.4AI score0.26819EPSS
Exploits3References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/15 12:0 a.m.3 views

PT-2022-20576 · Haproxy +3 · Haproxy +3

Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.1.1.0 Description: Roxy-WI is a Web interface for managing HAProxy, Nginx, and Keepalived servers. The system command can be run remotely via the subprocess execute function without processing the inputs received...

10CVSS9.3AI score0.26819EPSS
Exploits3References10
Vulnrichment
Vulnrichment
added 2022/07/15 12:0 a.m.5 views

CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

10CVSS9.5AI score0.26819EPSS
Exploits3References3
Cvelist
Cvelist
added 2022/07/15 12:0 a.m.53 views

CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

10CVSS9.7AI score0.26819EPSS
Exploits3References3
OSV
OSV
added 2022/07/15 12:0 a.m.34 views

CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

10CVSS8.9AI score0.26819EPSS
Exploits3References5
CVE
CVE
added 2022/07/15 12:0 a.m.99 views

CVE-2022-31161

CVE-2022-31161 affects Roxy-WI prior to version 6.1.1.0, where the system command can be executed remotely through inputs handled in /app/options.py (notably via the subprocess_execute path). The issue enables unauthenticated remote code execution by abusing input handling (e.g., delcert/ssl_cert...

10CVSS9.5AI score0.26819EPSS
In wildExploits3References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.

The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.49937EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2022/07/08 8:15 p.m.22 views

CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS0.90387EPSS
Exploits15References6
Prion
Prion
added 2022/07/08 8:15 p.m.26 views

Remote code execution

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS9.5AI score0.90387EPSS
Exploits15References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/08 12:0 a.m.270 views

CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS4.3AI score0.90387EPSS
In wildExploits15References7
Vulnrichment
Vulnrichment
added 2022/07/08 12:0 a.m.13 views

CVE-2022-31137 Unauthenticated Remote Code Execution in Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS9.9AI score0.90387EPSS
Exploits15References6
Rows per page
Query Builder