303 matches found
CVE-2026-33077
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
CVE-2026-33077
CVE-2026-33077 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache and Keepalived. The vulnerability is an arbitrary file read in the oldconfig parameter of the haproxy_section_save interface, present before version 8.2.6.4. Upgrading to 8.2.6.4 fixes the issue. The CVSS metrics ...
CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
CVE-2026-33076
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
CVE-2026-33076
Roxy-WI is vulnerable in the haproxy_section_save interface prior to version 8.2.6.4. The issue is a path traversal that can write into scheduled tasks, enabling remote code execution. Version 8.2.6.4 fixes the issue. (Exploitation details are not provided in the documents.)
CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
EUVD-2026-25375
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
Roxy-WI 路径遍历漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability. This vulnerability stemmed from issues with the haproxysectionsave interface, involving path traversal and the executio...
Roxy-WI SQL注入漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a SQL injection vulnerability. This vulnerability stemmed from the serverip parameter in the haproxy-sectionsave function being inserted into the SQL...
PT-2026-34833
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy section save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the...
PT-2026-34834
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy section save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
PT-2026-34836
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...
Roxy-WI 路径遍历漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability, which stemmed from a vulnerability in the oldconfig parameter of the haproxysectionsave interface, allowing arbitrary...
CVE-2026-33432
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...
CVE-2026-33432 Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...
CVE-2026-33432
CVE-2026-33432 affects Roxy-WI up to version 8.2.8.2. When LDAP authentication is enabled, the code concatenates the login username directly into the LDAP search filter without escaping special characters, enabling an unauthenticated attacker to inject LDAP metacharacters, manipulate the query, a...
EUVD-2026-23968
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...