408 matches found
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
Cross site scripting
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-29159
A cross-site scripting XSS vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...
CVE-2021-29159
The vulnerability CVE-2021-29159 affects Nexus Repository Manager 3.x prior to 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, execute arbitrary JavaScript in the NXRM application context. This is a cross-site scripting (...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...
CVE-2021-30635
CVE-2021-30635 affects Sonatype Nexus Repository Manager 3.x prior to 3.30.1. The vulnerability is a directory traversal issue that allows a remote attacker to enumerate files and directories in a UI-related folder; no customer-specific data is exposed. Impact is limited to information disclosure...
Unspecified Vulnerability in Sonatype Nexus Repository Manager IQ
Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...
Sonatype Nexus Repository Manager Pro Incorrect Access Control Vulnerability
Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs as often, allowing you to distribute your software with ease.OSS is the open-source, free version, and Pro is the professional,...
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control...
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control...
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control...
CVE-2021-29158
The connected sources describe CVE-2021-29158 as an Incorrect Access Control issue in Sonatype Nexus Repository Manager Pro up to and including 3.30.0 . The vulnerability reportedly allows an attacker to obtain sensitive information (per CNVD/PRION/Red Hat entries). No technical exploit details, ...
Sonatype Nexus Repository Manager 安全漏洞
Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs as often, allowing you to distribute your software with ease.OSS is the open-source, free version, and Pro is the professional,...
Sonatype Nexus Repository Manager IQ 路径遍历漏洞
Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...
Sonatype Nexus Repository Manager 跨站脚本漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Nexus Repository Manager version 3.x prior to 3.30.1, which can be exploited by an attacker...
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 ------ 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞,其最早被披露于 hackerone,但因官方第一次修复不完整,故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用,但是 nexus 默认管理员密码 admin123 经常被忽略修改,很容易就被利用了。 0x10 靶场环境 0x20 目录结构 CVE-2019-5475 ├──...
OPENSUSE-SU-2021:0059-1 Security update for libzypp, zypper
This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file bsc1050625 bsc1177583 - RepoManager: Force refresh if repo url has changed bsc1174016 - RepoManager: Carefully tidy up the...