cvebase

Dnatools Dnalims vulnerabilities

4 known vulnerabilities affecting dnatools/dnalims.

Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3

Vulnerabilities

CVE-2017-6526 | P2 | CRITICAL | CVSS 9.8 | PoC | v4-2015s13 | 2017-03-09
CWE-287. An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
Source: NVD

CVE-2017-6527 | P2 | HIGH | CVSS 7.5 | PoC | v4-2015s13 | 2017-03-09
CWE-22. An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Source: NVD

CVE-2017-6528 | P3 | HIGH | CVSS 8.1 | PoC | v4-2015s13 | 2017-03-09
CWE-522. An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
Source: NVD

CVE-2017-6529 | P3 | HIGH | CVSS 8.8 | PoC | v4-2015s13 | 2017-03-09
CWE-613. An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Source: NVD