412 matches found
Exploit for CVE-2024-4956
CVE-2024-4956 Nexus Reposito...
PT-2024-9210 · Sonatype · Sonatype Nexus Repository 2
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A stored Cross-site Scripting vulnerability has been discovered, which affects the structure of web pages. This issue may allow a remote attacker to perform cross-si...
PT-2024-9211 · Sonatype · Sonatype Nexus Repository
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A Remote Code Execution issue has been discovered, related to incorrect code generation management. This allows a remote attacker to execute arbitrary code by...
CVE-2024-4956
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1...
CVE-2024-4956 Nexus Repository 3 - Path Traversal
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1...
CVE-2024-4956
Affected product: Sonatype Nexus Repository 3. Vulnerability: Path Traversal (CWE-22) allowing an unauthenticated attacker to read system files. Root cause / details: Unauthenticated path traversal in Nexus Repository 3 enables access to sensitive files; fixed in version 3.68.1. Impact (as stated...
Sonatype Nexus Repository Security Vulnerability
Nexus Repository Manager is a repository management system. A path traversal vulnerability exists in Sonatype Nexus Repository Manager that can be exploited by an attacker to obtain sensitive information...
PT-2024-4555
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions prior to 3.68.1 Description: The issue is a path traversal vulnerability that allows an unauthenticated attacker to read system files. This vulnerability has been identified in Sonatype Nexus Repository 3 and...
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
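CVE-2019-5475 CVE-2019-5475 and CVE-2019-15588 lab: RCE command injection vulnerability ------ 0x00 Background CVE-2019-5475 is an RCE command injection vulnerability in Nexus's built-in Yum Repository plugin. It was first disclosed on HackerOne, but because the vendor's first fix was incomplete, it gave rise to CVE-2019-15588. Both vulnerabilities can only be exploited after logging in as admin, but the default Nexus administrator password admin123 is often left unchanged, which makes them easy to exploit. 0x10 Lab environment 0x20 Directory structure CVE-2019-5475 ├──...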
SUSE CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
SUSE CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)...
A vulnerability in Sonatype Nexus Repository Manager stems from a lack of input sanitization, allowing an attacker to execute arbitrary code.
The vulnerability in Sonatype Nexus Repository Manager is related to a lack of input sanitization. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
A vulnerability in Sonatype Nexus Repository Manager stems from insecure privilege management, allowing an attacker to execute arbitrary code.
The vulnerability in Sonatype Nexus Repository Manager is related to insecure privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.18.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.18.1-01) +21 more potentially affected by CVE-2019-16530 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.18.1-01)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =3.17.0-01, =0.0.4, =3.17.0-01, =3.10.0-04, =3.10.0-04, =3.11.0-01, =0.0.2, =3.13.0-01, =1.0.4, =3.10.0-04, =3.18.1-01 and more Source cves: CVE-2019-16530 Source advisory: OSV:GHSA-HM...
GHSA-HMJV-PX3J-933C Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
CVE-2022-27907
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...