Test ID:	1.3.6.1.4.1.25623.1.0.140183
Category:	Web application abuses
Title:	dnaLIMS Multiple Security Vulnerabilities
Summary:	dnaLIMS is prone to the following security vulnerabilities:;; 1. A command-injection vulnerability;; 2. An directory traversal vulnerability;; 3. An insecure password storage vulnerability;; 4. A session-hijacking vulnerability;; 5. Multiple cross-site scripting vulnerabilities;; 6. A security bypass vulnerability
Description:	Summary: dnaLIMS is prone to the following security vulnerabilities: 1. A command-injection vulnerability 2. An directory traversal vulnerability 3. An insecure password storage vulnerability 4. A session-hijacking vulnerability 5. Multiple cross-site scripting vulnerabilities 6. A security bypass vulnerability Vulnerability Impact: An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, steal cookie-based authentication credentials, or execute arbitrary commands in the context of the affected application. This may lead to further attacks. Solution: Ask the Vendor for an update. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6526 BugTraq ID: 96823 http://www.securityfocus.com/bid/96823 https://www.exploit-db.com/exploits/41578/ https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Common Vulnerability Exposure (CVE) ID: CVE-2017-6527 Common Vulnerability Exposure (CVE) ID: CVE-2017-6528 Common Vulnerability Exposure (CVE) ID: CVE-2017-6529
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.