4 matches found
CVE-2017-6526
CVE-2017-6526 affects dnaTools dnaLIMS 4-2015s13. An unauthenticated command-execution flaw exists via an improperly protected administrative web shell at cgi-bin/dna/sysAdmin.cgi, triggered by POST requests. Public sources describe that the web interface bypasses authentication, enabling remote ...
CVE-2017-6527
CVE-2017-6527 affects dnaTools dnaLIMS 4-2015s13. The vulnerability is a NUL-terminated directory traversal in the viewAppletFsa.cgi seqID parameter that allows an unauthenticated attacker to read files on the host accessible to the web server user. Public materials include PoCs and exploits (Met...
CVE-2017-6528
CVE-2017-6528 corresponds to an insecure password storage issue in dnaLIMS 4-2015s13, where passwords are stored in clear text in the file /home/dna/spool/.pfile. The vulnerability context in the connected documents indicates this plaintext storage can be combined with other flaws (e.g., director...
CVE-2017-6529
CVE-2017-6529 affects dnaTools dnaLIMS 4-2015s13. The vulnerability allows session hijacking by guessing and supplying the UID parameter in URLs that require authentication, where the UID appears to serve as a session identifier. Public descriptions demonstrate that multiple pages rely on a UID p...