Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137

Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or just need a convenient interface for managing all services in one place.

Advisory Information

Remotely Exploitable: Yes
Authentication Required: No
Vendor URL: roxy-wi.org
CVSSv3.1 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
Date of found: 10.06.2022

Read More

Advisory | osTicket v1.10 Unauthenticated SQL Injection (CVE-2017-14396 )

osTicket is a widely-used and trusted open source support ticket system. It seamlessly routes inquiries created via email, web-forms and phone calls into a simple, easy-to-use, multi-user, web-based customer support platform. osTicket comes packed with more features and tools than most of the expensive (and complex) support ticket systems on the market.

Read More