Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:36 a.m.14 views

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

8.8CVSS7AI score0.1482EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.8 views

CVE-2019-7671

Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site...

9CVSS7.6AI score0.08256EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.6 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.8CVSS7AI score0.00944EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-17204

Malware in sbrugna...

8.8CVSS8.7AI score0.02445EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-16824

Malware in sbrugna...

8.8CVSS8.7AI score0.02352EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.14 views

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

9CVSS7.1AI score0.1163EPSS
Exploits7References1
ICS
ICS
added 2019/07/30 12:0 a.m.155 views

Prima Systems FlexAir

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities : OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site...

9.8CVSS9.6AI score0.31419EPSS
Exploits26References5
NVD
NVD
added 2019/07/01 7:15 p.m.16 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.8CVSS9AI score0.00944EPSS
Exploits0References3
NVD
NVD
added 2019/07/01 7:15 p.m.27 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

8.8CVSS8.9AI score0.02352EPSS
Exploits0References3
NVD
NVD
added 2019/07/01 7:15 p.m.32 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.8CVSS9.7AI score0.04497EPSS
Exploits5References4
OSV
OSV
added 2019/07/01 7:15 p.m.3 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.8CVSS7.3AI score0.04497EPSS
Exploits5References4
NVD
NVD
added 2019/07/01 7:15 p.m.21 views

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

8.8CVSS9.1AI score0.1482EPSS
Exploits5References4
Prion
Prion
added 2019/07/01 7:15 p.m.15 views

Input validation

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

9CVSS8.8AI score0.31419EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.13 views

Authentication flaw

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

6.5CVSS9.2AI score0.1482EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.13 views

Command injection

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

9CVSS7.1AI score0.18306EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.21 views

Authentication flaw

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

4CVSS8.8AI score0.02352EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.13 views

Code injection

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

6.8CVSS8.9AI score0.00944EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.16 views

Default credentials

Prima Systems FlexAir devices have Default Credentials...

5CVSS9.4AI score0.0162EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/01 6:31 p.m.28 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

8.5AI score0.02352EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/07/01 6:29 p.m.19 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.6AI score0.00944EPSS
Exploits0References3
Rows per page
Query Builder