Lucene search
AttackerKBAKB:DC6838DD-AEEB-4CA4-8F05-ED44758B80FCHistoryMar 09, 2017 - 12:00 a.m.
CVE-2017-6527
2017-03-0900:00:00
attackerkb.com
7
0.81 High
EPSS
Percentile
98.4%
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Recent assessments:
h00die at March 27, 2020 4:37pm UTC reported:
Typically you’ll want to combine this vulnerability with CVE-2017-6528 to download the user/password database. Developer was not interested in patching this vulnerability. This is just a typical directory traversal, but a null %00 at the end. In production we found this to be 4 ../ of depth.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5
Related
openvas
openvas
dnaLIMS Multiple Security Vulnerabilities
2017-03-13 00:00:00
seebug
seebug
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)
2017-04-10 00:00:00
packetstorm
packetstorm
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
2017-03-10 00:00:00
dnaTools dnaLIMS 4-2015s13 Directory Traversal Nmap NSE Script
2017-04-08 00:00:00
zdt
zdt
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities
2017-03-10 00:00:00
dnaLIMS Directory Traversal Exploit
2017-04-02 00:00:00
exploitpack
exploitpack
attackerkb
attackerkb
CVE-2017-6528
2017-03-09 00:00:00
prion
prion
Design/Logic Flaw
2017-03-09 19:59:00
Directory traversal
2017-03-09 19:59:00
cve
cve
CVE-2017-6527
2017-03-09 19:59:00
CVE-2017-6528
2017-03-09 19:59:00
cvelist
cvelist
CVE-2017-6527
2017-03-09 19:00:00
CVE-2017-6528
2017-03-09 19:00:00
nvd
nvd
CVE-2017-6528
2017-03-09 19:59:00
CVE-2017-6527
2017-03-09 19:59:00
exploitdb
exploitdb