Roxy WI 6.1.1.0 Remote Code Execution

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...

Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution via ssl_cert Upload Vulnerability

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...

Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload

ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...

CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...