69 matches found
CVE-2019-7672
Affected software: Prima Systems FlexAir, versions 2.3.38 and earlier. Vulnerability: Use of hard-coded username/password in the flash web interface enables an authenticated attacker to escalate privileges. Root cause: hard-coded credentials in the Web UI. Impact: potential privilege escalation o...
CVE-2019-7672
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges...
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
Design/Logic Flaw
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
CVE-2019-9189
Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
PT-2019-18695 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The issue concerns a hard-coded username and password in the flash version of the web interface. This may allow an authenticated attacker to escalate privileges. Recommendations: Fo...
PT-2019-18694 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The issue arises from parameters sent to scripts not being properly sanitized before being returned to the user. This may allow an attacker to execute arbitrary code in a user’s...