Remote code execution
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution...
Cross site scripting
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS Issue 2 of 2...
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution...
CVE-2020-15871
CVE-2020-15871 affects Sonatype Nexus Repository Manager OSS/Pro prior to 3.25.1, enabling remote code execution. The issue is described across multiple sources as an RCE vulnerability in Nexus Repository Manager OSS/Pro versions before 3.25.1. Remediation: upgrade to version 3.25.1 or later. Publ...
CVE-2020-15869
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS issue 1 of 2...
CVE-2020-15869
CVE-2020-15869 affects Sonatype Nexus Repository Manager OSS/Pro, versions before 3.25.1, due to an XSS vulnerability. The connected documents confirm the affected product and version range; no further technical details (exploit vectors, root cause specifics, or remediation) are provided in the s...
CVE-2020-15870
CVE-2020-15870 affects Sonatype Nexus Repository Manager OSS/Pro prior to 3.25.1, described as a cross-site scripting (XSS) issue. The public records in the connected documents consistently report this vulnerability as an XSS flaw without detailing the exact vulnerable component, version ranges b...
Central Security Project: Unsafe deserialization in Nexus Repository helm plugin
A remote code execution vulnerability CVE-2020-15871 has been discovered in Nexus Repository Manager 3. A user with the right permissions can run arbitrary code as the user running the Nexus Repository Manager server. Alternatively, an attacker could trick a user with the right permissions into...
Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32917)
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Repository Manager feature in Artica Pandora FMS version 7.44. The...
CVE-2020-13855
Artica Pandora FMS 7.44 allows arbitrary file upload leading to remote command execution via the File Repository Manager feature...
Design/Logic Flaw
Artica Pandora FMS 7.44 allows arbitrary file upload leading to remote command execution via the File Repository Manager feature...
Exploit for Expression Language Injection in Sonatype Nexus
Nexus Repository Manager 3 Vuln Affected versions: = 3.21.2 CVE-2020-10199, CVE-2020-10204, CVE-2020-11444 CVE-2020-10199 remote code/command execution PoC with echoed output PoC without echoed output $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' Regular user privileges /service/rest/beta/repositories/go/group Administrator privileges required 1...
Sonatype Nexus Repository Manager Information Disclosure Vulnerability (CNVD-2020-33469)
Sonatype Nexus Repository Manager (NXRM) is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM version 2.x prior to 2.14.17 and version 3.x prior to 3.22.1. An attacker can exploit the...
CVE-2020-11415
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...
CVE-2020-11415
The CVE-2020-11415 issue affects Sonatype Nexus Repository Manager 2.x (before 2.14.17) and 3.x (before 3.22.1). Admin users can access plaintext credentials for the LDAP server configured in nxrm, exposing LDAP usernames and passwords and compromising confidentiality. No exploit details or in-th...
Sonatype Nexus Repository Manager Elevation of Privilege Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM. An attacker can exploit this vulnerability to bypass security restrictions and elevate privileges...