Lucene search
+L

303 matches found

OSV
OSV
added 2022/07/06 12:0 a.m.30 views

CVE-2022-31125 Authentication Bypass in Roxy-wi

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi version...

10CVSS9.1AI score0.1973EPSS
Exploits3References4
CNVD
CNVD
added 2021/08/09 12:0 a.m.19 views

Roxy-WI SQL Injection Vulnerability (CNVD-2021-61758)

Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...

9.8CVSS3.8AI score0.01286EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/09 12:0 a.m.20 views

Roxy-WI Command Injection Vulnerability

Roxy-WI, the web interface for managing Haproxy, Nginx, and Keepalived servers, is vulnerable to a command injection vulnerability in Roxy-WI 5.2.2.0 and earlier. An attacker can exploit this vulnerability to conduct command injection attacks via /app/funct.py and /api/apifunct.py...

8.8CVSS4.5AI score0.01528EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/09 12:0 a.m.17 views

Roxy-WI SQL Injection Vulnerability

Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, which can be exploited by attackers to conduct SQL injection attacks via selectservers...

8.8CVSS4.3AI score0.00939EPSS
Exploits0References1
NVD
NVD
added 2021/08/07 6:15 p.m.24 views

CVE-2021-38167

Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...

9.8CVSS0.01286EPSS
Exploits0References1
NVD
NVD
added 2021/08/07 6:15 p.m.18 views

CVE-2021-38169

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...

8.8CVSS0.01528EPSS
Exploits0References1
NVD
NVD
added 2021/08/07 6:15 p.m.21 views

CVE-2021-38168

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...

8.8CVSS0.00939EPSS
Exploits0References1
OSV
OSV
added 2021/08/07 6:15 p.m.10 views

CVE-2021-38169

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...

8.8CVSS7.5AI score
Exploits0References1
OSV
OSV
added 2021/08/07 6:15 p.m.14 views

CVE-2021-38167

Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...

9.8CVSS8.2AI score
Exploits0References1
OSV
OSV
added 2021/08/07 6:15 p.m.16 views

CVE-2021-38168

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...

8.8CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2021/08/07 6:15 p.m.16 views

Sql injection

Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...

7.5CVSS9.8AI score0.01286EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/08/07 6:15 p.m.15 views

Command injection

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...

6.5CVSS9AI score0.01528EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/08/07 6:15 p.m.19 views

Sql injection

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...

6.5CVSS9AI score0.00939EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/07 6:15 p.m.4 views

CVE-2021-38167

Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...

9.8CVSS7.3AI score0.01286EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/07 6:0 p.m.22 views

CVE-2021-38168

Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...

9.3AI score0.00939EPSS
Exploits0References1
CVE
CVE
added 2021/08/07 6:0 p.m.59 views

CVE-2021-38168

CVE-2021-38168 affects Roxy-WI up to version 5.2.2.0, where an authenticated user can trigger a SQL injection via the select_servers endpoint. The connected documents consistently describe this vulnerability as a SQL injection in Roxy-WI’s web interface for managing HAProxy/Nginx/Keepalived, with...

8.8CVSS9AI score0.00939EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/07 6:0 p.m.19 views

CVE-2021-38169

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...

9.2AI score0.01528EPSS
Exploits0References1
CVE
CVE
added 2021/08/07 6:0 p.m.60 views

CVE-2021-38169

Roxy-WI is affected by CVE-2021-38169. The vulnerability allows command injection in versions up to 5.2.2.0 via unsafe handling in /app/funct.py and /api/api_funct.py. Impact is described as command execution, with risk details provided in the CVE entry (NVD metrics show high impact in confidenti...

8.8CVSS9AI score0.01528EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/07 6:0 p.m.23 views

CVE-2021-38167

Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...

10AI score0.01286EPSS
Exploits0References1
CVE
CVE
added 2021/08/07 6:0 p.m.60 views

CVE-2021-38167

The CVE-2021-38167 issue affects Roxy-WI up to version 5.2.2.0, where a SQL Injection vulnerability in the check_login flow can allow an unauthenticated attacker to extract a valid uuid and bypass authentication. Affected component: Roxy-WI web interface; root cause: improper handling of login in...

9.8CVSS9.9AI score0.01286EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder