Shorebreak Security - Security Researcher - Exploit Intelligence Platform

CVE-2017-6528 EXPLOITDB HIGH text WRITEUP

dnaTools dnaLIMS 4-2015s13 - Insufficiently Protected Credentials in Password Storage

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).

CVSS 8.1

View Code

CVE-2017-6527 EXPLOITDB HIGH text WRITEUP

dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).

CVSS 7.5

View Code

CVE-2017-6526 EXPLOITDB CRITICAL text WRITEUP

dnaTools dnaLIMS 4-2015s13 - Unauthenticated Remote Code Execution via sysAdmin.cgi

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).

CVSS 9.8

View Code

CVE-2017-6529 EXPLOITDB HIGH text WRITEUP

dnaTools dnaLIMS 4-2015s13 - Session Hijacking via UID Parameter Guessing

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

CVSS 8.8

View Code