Lucene search
K

69 matches found

CVE
CVE
added 2019/06/05 6:49 p.m.64 views

CVE-2019-7672

Affected software: Prima Systems FlexAir, versions 2.3.38 and earlier. Vulnerability: Use of hard-coded username/password in the flash web interface enables an authenticated attacker to escalate privileges. Root cause: hard-coded credentials in the Web UI. Impact: potential privilege escalation o...

8.8CVSS8.5AI score0.02445EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/06/05 6:49 p.m.25 views

CVE-2019-7672

Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges...

8.6AI score0.02445EPSS
Exploits1References4
OSV
OSV
added 2019/06/05 6:29 p.m.3 views

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

8.8CVSS5.9AI score0.1163EPSS
Exploits7References5
NVD
NVD
added 2019/06/05 6:29 p.m.45 views

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

9CVSS9.1AI score0.1163EPSS
Exploits7References5
Prion
Prion
added 2019/06/05 6:29 p.m.20 views

Design/Logic Flaw

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

9CVSS8.7AI score0.1163EPSS
Exploits7References5Affected Software1
CVE
CVE
added 2019/06/05 5:20 p.m.85 views

CVE-2019-9189

Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...

9CVSS8.7AI score0.1163EPSS
Exploits7References5Affected Software1
Cvelist
Cvelist
added 2019/06/05 5:20 p.m.51 views

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

8.8AI score0.1163EPSS
Exploits7References5
Positive Technologies
Positive Technologies
added 2019/06/05 12:0 a.m.4 views

PT-2019-18695 · Prima Systems · Flexair

Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The issue concerns a hard-coded username and password in the flash version of the web interface. This may allow an authenticated attacker to escalate privileges. Recommendations: Fo...

8.8CVSS8.7AI score0.02445EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2019/06/05 12:0 a.m.5 views

PT-2019-18694 · Prima Systems · Flexair

Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The issue arises from parameters sent to scripts not being properly sanitized before being returned to the user. This may allow an attacker to execute arbitrary code in a user’s...

9CVSS7.3AI score0.08256EPSS
Exploits5References7
Rows per page
Query Builder