VYPR

Dnalims

by Dnatools

CVEs (4)

  • CVE-2017-6526CriMar 9, 2017
    risk 0.71cvss 9.8epss 0.57

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).

  • CVE-2017-6529HigMar 9, 2017
    risk 0.60cvss 8.8epss 0.03

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

  • CVE-2017-6528HigMar 9, 2017
    risk 0.56cvss 8.1epss 0.03

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).

  • CVE-2017-6527HigMar 9, 2017
    risk 0.56cvss 7.5epss 0.57

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).