CVE-2019-14469
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS...
Cross site scripting
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS...
Sonatype Nexus Repository Manager Operating System Command Injection Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. An operating system command injection vulnerability exists in Sonatype NXRM that can be exploited by an attacker to execute code...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x
Maven artifact: groupId: org.sonatype.nexus.plugins, artifactId: nexus-yum-repository-plugin, version: 2.14.9-01. Vulnerability description: The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. All instances using CommandLineExecutor.java with user-supplied data is...
This Week in Security News: Banking Malware and Phishing Campaigns
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the banking malware Anubis that has been retooled for use in fresh attack waves. Also, read about a new phishing campaign that...
Sonatype Nexus Repository Manager Weak Password Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM versions prior to 3.17.0, which stems from the default administrator account password being set to admin/admin123, which can be exploited by an attacker to gain...
Sonatype Nexus Repository Manager Information Disclosure Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM versions prior to 3.17.0. An attacker can exploit the vulnerability to read files and images in the repository...
CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)...
CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
Design/Logic Flaw
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
Design/Logic Flaw
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)...
CVE-2019-9629
CVE-2019-9629 affects Sonatype Nexus Repository Manager prior to version 3.17.0, where the default administrator account uses weak default credentials (admin/admin123). This configuration flaw allows an attacker to gain administrator privileges and take over the repository manager. Multiple conne...
VulnCheck KEV: CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...
Exploit for CVE-2019-7238
CVE-2019-7238 Nexus Repository Manager RCE Nexus Repository...
CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS...
Cross site scripting
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS...