CVE-2023-25804

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...

CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...

CVE-2023-25804

CVE-2023-25804 affects Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived. The vulnerability is a limited path traversal in the name parameter that allows an SSH key to be saved to an unintended location (for example, /tmp) using a payload such as ../../../../../tmp/test111...

Roxy-WI 路径遍历漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0, which stems from the fact that SSH keys can be saved to an unexpected location, such as ... /... /... /... /... /tmp/test111dev...

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVE-2023-25802

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...

Design/Logic Flaw

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...

Directory traversal

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVE-2023-25802 Roxy-WI has Path Traversal vulnerability

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...

CVE-2023-25802 Roxy-WI has Path Traversal vulnerability

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...

CVE-2023-25802

CVE-2023-25802 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache, and Keepalived. The issue is a path traversal vulnerability in versions prior to 6.3.6.0, where the application does not correctly neutralize dir/../filename sequences (for example /etc/nginx/../passwd), enabling...

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

CVE-2023-25803

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...

Roxy-WI 安全漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A security vulnerability exists in Roxy-WI versions prior to 6.3.6.0. An attacker can exploit the vulnerability to obtain information about the server...

Roxy-WI 路径遍历漏洞

Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0. An attacker can exploit this vulnerability to read arbitrary files on the server running the application...

Critical Photon OS Security Update - PHSA-2023-3.0-0545

Updates of 'curl', 'haproxy', 'nodejs', 'containerd' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2023-4.0-0350

Updates of 'curl', 'haproxy', 'containerd' packages of Photon OS have been released...

OESA-2023-1141 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Initial descriptio...

CVE-2023-25725 affecting package haproxy for versions less than 2.4.22-1

CVE-2023-25725 affecting package haproxy for versions less than 2.4.22-1. An upgraded version of the package is available that resolves this issue...

haproxy: segfault DoS

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability...