16 matches found
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
CVE-2019-15588
There is an OS Command Injection in Nexus Repository Manager = 2.14.14 bypass CVE-2019-5475 that could allow an attacker a Remote Code Execution RCE. All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability...
CVE-2019-15588
There is an OS Command Injection in Nexus Repository Manager = 2.14.14 bypass CVE-2019-5475 that could allow an attacker a Remote Code Execution RCE. All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability...
CVE-2019-15588
Summary (CVE-2019-15588) : Nexus Repository Manager versions up to 2.14.14 are affected by an OS command injection that can lead to remote code execution. The root cause involves untrusted data flowing into CommandLineExecutor.java, notably via the Yum Configuration Capability (createrepo/mergere...
OS Command Injection in Nexus Yum Repository Plugin
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
GHSA-G5M7-57PH-J6P8 OS Command Injection in Nexus Yum Repository Plugin
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475)
OS Command Injection in Nexus Repository Manager 2.xbypass CVE-2019-5475 Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.14-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. A...
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
Remote code execution
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
CVE-2019-5475
CVE-2019-5475 is an OS command injection in the Nexus Yum Repository Plugin (Nexus Repository Manager) that can lead to Remote Code Execution. The vulnerability occurs in the Yum: Configuration capability when the capability’s payload data is not properly sanitized, allowing an attacker with admi...
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x
Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.9-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. All instances using CommandLineExecutor.java with user-supplied data is...
Yum Package Manager Persistence Exploit
This Metasploit module will run a payload when the package manager is used. No handler is run automatically so you must configure an appropriate exploit/multi/handler to connect. Module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what...
Yum Package Manager Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yum Package Manager Persistence', 'Description' = %q This module will run a payload when the package manager is used. No handler is ran...
Important: Red Hat Security Advisory: rhev-hypervisor6 security, bug fix, and enhancement update
An updated rhev-hypervisor6 package that fixes three security issues, various bugs, and adds an enhancement is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...