Lucene search
K

69 matches found

NVD
NVD
added 2019/07/01 7:15 p.m.21 views

CVE-2019-7669

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

9CVSS8.9AI score0.31419EPSS
Exploits2References4
NVD
NVD
added 2019/07/01 7:15 p.m.33 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.8CVSS9.7AI score0.04497EPSS
Exploits5References4
NVD
NVD
added 2019/07/01 7:15 p.m.28 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

8.8CVSS8.9AI score0.02352EPSS
Exploits0References3
OSV
OSV
added 2019/07/01 7:15 p.m.3 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.8CVSS7.3AI score0.04497EPSS
Exploits5References4
NVD
NVD
added 2019/07/01 7:15 p.m.17 views

CVE-2019-7668

Prima Systems FlexAir devices have Default Credentials...

9.8CVSS9.6AI score0.0162EPSS
Exploits0References2
OSV
OSV
added 2019/07/01 7:15 p.m.2 views

CVE-2019-7668

Prima Systems FlexAir devices have Default Credentials...

9.8CVSS7.3AI score0.0162EPSS
Exploits0References2
OSV
OSV
added 2019/07/01 7:15 p.m.6 views

CVE-2019-7669

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

8.8CVSS5.9AI score0.31419EPSS
Exploits2References4
NVD
NVD
added 2019/07/01 7:15 p.m.43 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

9CVSS7.7AI score0.18306EPSS
Exploits5References4
Prion
Prion
added 2019/07/01 7:15 p.m.13 views

Code injection

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

6.8CVSS8.9AI score0.00944EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.15 views

Input validation

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

9CVSS8.8AI score0.31419EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.15 views

Authentication flaw

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

6.4CVSS9.6AI score0.04497EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.15 views

Command injection

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

9CVSS7.1AI score0.18306EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.21 views

Authentication flaw

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

4CVSS8.8AI score0.02352EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.16 views

Default credentials

Prima Systems FlexAir devices have Default Credentials...

5CVSS9.4AI score0.0162EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/07/01 7:15 p.m.17 views

Authentication flaw

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

6.5CVSS9.2AI score0.1482EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2019/07/01 6:31 p.m.74 views

CVE-2019-7280

The CVE affects Prima Systems FlexAir up to version 2.3.38. The issue is that the session-ID is of insufficient length, allowing brute-force attempts to obtain a valid session and bypass authentication, potentially enabling remote access. Public references describe multiple CVEs in the same relea...

8.8CVSS8.4AI score0.02352EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/01 6:31 p.m.29 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

8.5AI score0.02352EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/07/01 6:29 p.m.20 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.6AI score0.00944EPSS
Exploits0References3
CVE
CVE
added 2019/07/01 6:29 p.m.67 views

CVE-2019-7281

CVE-2019-7281 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is CSRF: an unauthenticated user can cause unverified HTTP requests that may let an attacker perform actions with administrative privileges when a logged-in user visits a malicious site. The ICSA advisory...

8.8CVSS8.5AI score0.00944EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/07/01 6:27 p.m.105 views

CVE-2019-7666

CVE-2019-7666 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is improper authentication via the MD5 hash of the password, potentially allowing an attacker with database access to log in as admin without decrypting the password. Public sources in the connected docs ...

8.8CVSS8.6AI score0.1482EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder