CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

CVE-2019-7671

Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site...

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

CVE-2019-7672

Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges...

EUVD-2019-17200

Malware in sbrugna...

EUVD-2019-17204

Malware in sbrugna...

EUVD-2019-16824

Malware in sbrugna...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-7669

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

CVE-2019-7668

Prima Systems FlexAir devices have Default Credentials...

Prima Systems FlexAir Command Injection (CVE-2019-7670)

A command injection vulnerability exists in Prima Systems FlexAir. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

Prima Systems FlexAir Authentication Bypass (CVE-2019-7667)

An authentication bypass vulnerability exists in Prima Systems FlexAir Access Control Database. Successful exploitation of this vulnerability could allow an attacker to download the database file, disclose login information, and have full access to the system...

FlexAir Access Control 2.4.9api3 - Remote Code Execution

Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.4.9api3 Tested...

Prima FlexAir Access Control 2.3.38 - Remote Code Execution

Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: NA CVE : CVE-2019-7670...

Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: ...

Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name

!/usr/bin/env python -- coding: utf8 -- Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit Authentication Bypass Login with MD5 hash CVE: CVE-2019-7666, CVE-2019-7667 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

FlexAir Access Control 2.3.35 - Authentication Bypass

Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA...

FlexAir Access Control 2.3.38 Remote Root

!/usr/bin/env python Authenticated Remote Root Exploit for Prima FlexAir Access Control 2.3.38 via Command Injection in SetNTPServer request, Server parameter. CVE: CVE-2019-7670 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...