Lucene search
K

13 matches found

Nuclei
Nuclei
added 5 days ago16 views

Roxy-WI < 6.1.1.0 - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. id: CVE-2022-31137 info: name: Roxy-WI 6.1.1.0 - Remote Code Execution author:...

10CVSS7.6AI score0.90387EPSS
Exploits15References4
0day.today
0day.today
added 2023/05/26 12:0 a.m.469 views

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS9.6AI score0.90387EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/05/24 12:0 a.m.312 views

Roxy WI 6.1.0.0 Remote Command Execution

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS7.1AI score0.90387EPSS
Exploits15
Exploit DB
Exploit DB
added 2023/05/24 12:0 a.m.405 views

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS9.6AI score0.90387EPSS
Exploits15
0day.today
0day.today
added 2023/04/03 12:0 a.m.295 views

Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution via ssl_cert Upload Vulnerability

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...

10CVSS9.4AI score0.90387EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.250 views

Roxy WI 6.1.0.0 Remote Code Execution

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 21 July 2022 Application: Roxy WI = v6.1.0.0 Author: Nuri Çilengir Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Advisory:...

10CVSS9.4AI score0.90387EPSS
Exploits15
Metasploit
Metasploit
added 2022/08/29 6:2 p.m.875 views

Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE

This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...

5.5CVSS7.8AI score0.00651EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2022/07/29 8:32 p.m.349 views

Metasploit Weekly Wrap-Up

Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...

10CVSS10AI score0.90387EPSS
Exploits15
0day.today
0day.today
added 2022/07/26 12:0 a.m.775 views

Roxy-WI Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...

10CVSS8.4AI score0.90387EPSS
Exploits16
Packet Storm
Packet Storm
added 2022/07/26 12:0 a.m.823 views

Roxy-WI Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...

10CVSS0.2AI score0.90387EPSS
Exploits16
Circl
Circl
added 2022/07/09 12:22 a.m.226 views

CVE-2022-31137

creationtimestamp| type| source ---|---|--- 2022-07-09 00:22:27+00:00| seen| https://t.me/cibsecurity/45849 2022-07-25 21:30:57+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/roxywiexec.rb 2022-12-26 15:30:06+00:00| seen|...

10CVSS7.6AI score0.90387EPSS
In wildExploits15References11
Vulnrichment
Vulnrichment
added 2022/07/08 12:0 a.m.13 views

CVE-2022-31137 Unauthenticated Remote Code Execution in Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS9.9AI score0.90387EPSS
Exploits15References6
CVE
CVE
added 2022/07/08 12:0 a.m.264 views

CVE-2022-31137

CVE-2022-31137 affects Roxy-WI prior to 6.1.1.0. A remote code execution vulnerability exists where system commands can be executed via the subprocess_execute function in /app/options.py without proper input validation, and attackers can exploit it without authentication. The issue is mitigated b...

10CVSS9.6AI score0.90387EPSS
In wildExploits15References6Affected Software1
Rows per page
Query Builder