408 matches found
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...
CVE-2018-5307
Summary: CVE-2018-5307 covers multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (NXRM) 2.x prior to 2.14.6, with exploitation possible via several parameters/files (repoId, format parameter to healthCheckFileDetail, staging upload filename, username on user ...
CVE-2018-5306
CVE-2018-5306 affects Sonatype Nexus Repository Manager (NXRM) 3.x prior to 3.8. An XSS flaw exists across multiple vectors: repoId/format in healthCheckFileDetail, File Upload in Staging Upload, username during user creation, and IQ Server URL field in IQ Server Connection. Exploitation could in...
Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: =2.14.5, =3.7.1 fixed version: 2.14.6, 3.8.0 CVE...
Sonatype Nexus Repository Manager Weak Password Vulnerability
Sonatype Nexus Repository Manager is a Maven repository manager. A security vulnerability exists in the LDAP integration feature in Sonatype Nexus Repository Manager 2.14.5 and earlier versions, which stems from the program's use of hard-coded CMMDwoV values to encrypt passwords. An attacker coul...
Sonatype Nexus Repository Manager 2.x Weak Password Encryption Vulnerability (Dec 2017)
Sonatype Nexus Repository Manager has a weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...
CVE-2017-17717
CVE-2017-17717 affects Sonatype Nexus Repository Manager up to version 2.14.5. The vulnerability lies in the LDAP integration feature, which uses hard-coded CMMDwoV values to encrypt passwords, resulting in weak password encryption. Documents consistently describe the issue as a weakness in passw...
HP Version Control Repository Manager < 7.6.0 Multiple Vulnerabilities
According to its self-reported version, the HP Version Control Repository Manager (VCRM) application installed on the remote Windows host is prior to 7.6.0. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists in OpenSSL in x509_vfy.c due to improper...
HPE Version Control Repository Manager Cross-Site Request Forgery Vulnerability
HPE Version Control Repository Manager (VCRM) is a repository for storing software and firmware that supports ProLiant servers from Hewlett Packard Enterprise (HPE), USA. A cross-site request forgery vulnerability exists in HPE Version Control Repository Manager (VCRM) versions prior to 7.6. A remote...
HPE Version Control Repository Manager Information Disclosure Vulnerability
HPE Version Control Repository Manager (VCRM) is a repository for storing software and firmware that supports ProLiant servers from Hewlett Packard Enterprise (HPE), USA. An information disclosure vulnerability exists in HPE Version Control Repository Manager versions prior to 7.6. A remote attacker...
HPE Version Control Repository Manager File Upload Vulnerability
HPE Version Control Repository Manager (VCRM) is a repository for storing software and firmware that supports ProLiant servers from Hewlett Packard Enterprise (HPE), USA. A security vulnerability exists in HPE Version Control Repository Manager (VCRM) versions prior to 7.6. A remote attacker could exploi...
Sonatype Nexus Repository Manager Java Object Deserialization RCE
The Sonatype Nexus Repository Manager server application running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit...
Sonatype Nexus Repository Manager Detection
Binary data sonatypenexusdetect.nbin...
HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)
The version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows...