dnaTools dnaLIMS vulnerabilities
4 known vulnerabilities affecting dnatools/dnalims.
Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3
Vulnerabilities
CVE-2017-6526 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | PoC | v4-2015s13 | 2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
Source: NVD
CVE-2017-6527 | P2 | HIGH | CVSS 7.5 | CWE-22 | PoC | v4-2015s13 | 2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Source: NVD
CVE-2017-6528 | P3 | HIGH | CVSS 8.1 | CWE-522 | PoC | v4-2015s13 | 2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
Source: NVD
CVE-2017-6529 | P3 | HIGH | CVSS 8.8 | CWE-613 | PoC | v4-2015s13 | 2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Source: NVD