1990 matches found
Moderate Photon OS Security Update - PHSA-2022-4.0-0263
Updates of 'dbus', 'haproxy' packages of Photon OS have been released...
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...
Design/Logic Flaw
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct...
CVE-2022-1677
In OpenShift Container Platform, CVE-2022-1677 arises when a user with Route-creation/modification permissions can craft a payload that inserts a malformed entry into the cluster router’s HAProxy configuration. This can cause the router to hijack traffic by matching arbitrary hostnames and redire...
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
This module exploits an unauthenticated command injection vulnerability in Roxy-WI prior to version 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. Module Option...
Fedora: Security Advisory for golang-github-path-network-mmproxy (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-haproxytech-dataplaneapi-2.4.4-5.fc36
HAProxy Data Plane API...
Roxy-WI Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...
Roxy-WI Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...
Fedora: Security Advisory for golang-github-path-network-mmproxy (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-path-network-mmproxy-2.1-3.fc35
go-mmproxy is a standalone application that unwraps HAProxy's PROXY protocol also adopted by other projects such as NGINX so that the network connection to the end server comes from client's - instead of proxy server's - IP address and port number...
[SECURITY] Fedora 35 Update: golang-github-haproxytech-client-native-2.5.3-3.fc35
Go client for HAProxy configuration and runtime API...
CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
Remote code execution
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...
SUSE SLES15 Security Update : haproxy (SUSE-SU-2022:2277-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2277-1 advisory. - A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send...
CVE-2022-31137
CVE-2022-31137 affects Roxy-WI prior to 6.1.1.0. A remote code execution vulnerability exists where system commands can be executed via the subprocess_execute function in /app/options.py without proper input validation, and attackers can exploit it without authentication. The issue is mitigated b...
openSUSE: Security Advisory for haproxy (SUSE-SU-2022:2277-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...