Lucene search
K
DnatoolsDnalims

4 matches found

CVE
CVE
added 2017/03/09 7:0 p.m.73 views

CVE-2017-6526

CVE-2017-6526 affects dnaTools dnaLIMS 4-2015s13. An unauthenticated command-execution flaw exists via an improperly protected administrative web shell at cgi-bin/dna/sysAdmin.cgi, triggered by POST requests. Public sources describe that the web interface bypasses authentication, enabling remote ...

10CVSS9.4AI score0.574EPSS
Web
CVE
CVE
added 2017/03/09 7:0 p.m.58 views

CVE-2017-6527

CVE-2017-6527 affects dnaTools dnaLIMS 4-2015s13. The vulnerability is a NUL-terminated directory traversal in the viewAppletFsa.cgi seqID parameter that allows an unauthenticated attacker to read files on the host accessible to the web server user. Public materials include PoCs and exploits (Met...

7.5CVSS8.4AI score0.56647EPSS
Web
CVE
CVE
added 2017/03/09 7:0 p.m.56 views

CVE-2017-6528

CVE-2017-6528 corresponds to an insecure password storage issue in dnaLIMS 4-2015s13, where passwords are stored in clear text in the file /home/dna/spool/.pfile. The vulnerability context in the connected documents indicates this plaintext storage can be combined with other flaws (e.g., director...

8.1CVSS8.4AI score0.03438EPSS
Web
CVE
CVE
added 2017/03/09 7:0 p.m.55 views

CVE-2017-6529

CVE-2017-6529 affects dnaTools dnaLIMS 4-2015s13. The vulnerability allows session hijacking by guessing and supplying the UID parameter in URLs that require authentication, where the UID appears to serve as a session identifier. Public descriptions demonstrate that multiple pages rely on a UID p...

8.8CVSS9AI score0.02902EPSS