303 matches found
CVE-2022-31125 Authentication Bypass in Roxy-wi
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi version...
Roxy-WI SQL Injection Vulnerability (CNVD-2021-61758)
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...
Roxy-WI SQL Injection Vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, which can be exploited by attackers to conduct SQL injection attacks via selectservers...
Roxy-WI Command Injection Vulnerability
Roxy-WI, the web interface for managing Haproxy, Nginx, and Keepalived servers, is vulnerable to a command injection vulnerability in Roxy-WI 5.2.2.0 and earlier. An attacker can exploit this vulnerability to conduct command injection attacks via /app/funct.py and /api/apifunct.py...
CVE-2021-38167
Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...
CVE-2021-38169
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
CVE-2021-38168
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...
CVE-2021-38168
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...
CVE-2021-38169
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
CVE-2021-38167
Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...
Sql injection
Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...
Command injection
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
Sql injection
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...
CVE-2021-38167
Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...
CVE-2021-38168
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via selectservers...
CVE-2021-38168
CVE-2021-38168 affects Roxy-WI up to version 5.2.2.0, where an authenticated user can trigger a SQL injection via the select_servers endpoint. The connected documents consistently describe this vulnerability as a SQL injection in Roxy-WI’s web interface for managing HAProxy/Nginx/Keepalived, with...
CVE-2021-38169
Roxy-WI is affected by CVE-2021-38169. The vulnerability allows command injection in versions up to 5.2.2.0 via unsafe handling in /app/funct.py and /api/api_funct.py. Impact is described as command execution, with risk details provided in the CVE entry (NVD metrics show high impact in confidenti...
CVE-2021-38169
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/apifunct.py...
CVE-2021-38167
Roxy-WI through 5.2.2.0 allows SQL Injection via checklogin. An unauthenticated attacker can extract a valid uuid to bypass authentication...
CVE-2021-38167
The CVE-2021-38167 issue affects Roxy-WI up to version 5.2.2.0, where a SQL Injection vulnerability in the check_login flow can allow an unauthenticated attacker to extract a valid uuid and bypass authentication. Affected component: Roxy-WI web interface; root cause: improper handling of login in...