34 matches found
EUVD-2017-15584
Malware in sbrugna...
DnaLIMS Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DnaLIMS Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the...
dnaTools dnaLIMS DNA Sequencer Command Injection (CVE-2017-6526)
...
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU: 929263...
dnaTools dnaLIMS 4-2015s13 Directory Traversal Nmap NSE Script
local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = dnaLIMS is prone to the Directory Traversal attack. The viewAppletFsa.cgi seqID parameter is...
dnaLIMS Admin Module Command Execution Exploit
Usage Info msf use exploit/linux/http/dnalimsadminexec msf exploitdnalimsadminexec show targets ...targets... msf exploitdnalimsadminexec set TARGET msf exploitdnalimsadminexec show options ...show and set options... msf exploitdnalimsadminexec exploit This module requires Metasploit:...
dnaLIMS Directory Traversal Exploit
This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible to read a file outside the www directory. Usage Info msf use auxiliary/scanner/http/dnalimsfileretrieve msf...
dnaLIMS Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting
dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities
dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities. Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing...
CVE-2017-6526
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...
CVE-2017-6528
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage the /home/dna/spool/.pfile file...
Session fixation
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter...
CVE-2017-6529
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter...
CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter...
CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter...
CVE-2017-6528
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage the /home/dna/spool/.pfile file...
CVE-2017-6526
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...
Design/Logic Flaw
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage the /home/dna/spool/.pfile file...
Directory traversal
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter...