412 matches found
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
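CVE-2019-5475 CVE-2019-5475 and CVE-2019-15588 lab: RCE command injection vulnerabilities ------ 0x00 Background CVE-2019-5475 is an RCE command injection vulnerability in Nexus's built-in Yum Repository plugin. It was first disclosed on HackerOne, but because the vendor's first fix was incomplete, it gave rise to CVE-2019-15588. Both vulnerabilities can only be exploited after logging in as admin, but the default Nexus administrator password admin123 is often left unchanged, which makes them easy to exploit. 0x10 Lab environment 0x20 Directory structure CVE-2019-5475 ├──...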
CVE-2020-29436
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...
CVE-2020-29436
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...
Design/Logic Flaw
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...
Sonatype Nexus Repository Manager External Entity Injection Vulnerability
Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...
Sonatype Nexus Repository Manager Code Issue Vulnerability
Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...
Sonatype Nexus Repository Stored Cross Site Scripting (CVE-2020-10203)
A cross-site scripting vulnerability exists in Sonatype Nexus Repository. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Sonatype Nexus Repository Remote Code Execution (CVE-2020-10204)
A remote code execution vulnerability exists in Sonatype Nexus Repository. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-15012
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...
Directory traversal
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...
CVE-2020-15012
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...
CVE-2020-15012
Sonatype Nexus Repository Manager 2.x (pre-2.14.19) is affected by a Directory Traversal vulnerability. A crafted path can cause FS traversal to read content on disk to which the Nexus process user has access. Root cause is path traversal in requests; impact is exposure of local content. No expli...
Sonatype Nexus Repository Information Disclosure Vulnerability
Sonatype Nexus Repository is a repository manager from Sonatype USA. It is mainly used for managing, storing, and distributing software, among other things. An information disclosure vulnerability exists in Nexus Repository version 3.26.1. An attacker with administrative user privileges could...
CVE-2020-24622
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...
CVE-2020-24622
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...
Code injection
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...
CVE-2020-24622
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...
CVE-2020-24622
CVE-2020-24622 affects Sonatype Nexus Repository 3.26.1. An admin user can disclose S3 secret keys due to an information-disclosure vulnerability. The NVD entry lists CVSSv3.1 base score 4.9 (Medium) with network attack and low complexity; confidentiality impact is high while other impacts are no...
Sonatype Nexus Repository Manager Unauthorized Access Vulnerability
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM OSS/Pro versions prior to 3.26.0. An attacker could exploit the vulnerability to access...
CVE-2020-15868
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control...