flexair vulnerabilities and exploits
6.5
CVSSv2
CVE-2019-7666
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to log in as admin without decrypting the password.
Primasystems Flexair
1 EDB exploit
6.4
CVSSv2
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and dis...
Primasystems Flexair
9
CVSSv2
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authent...
Primasystems Flexair
1 EDB exploit
4
CVSSv2
CVE-2019-7280
Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote malicious user to obtain a valid session and bypass authentication.
Primasystems Flexair
6.8
CVSSv2
CVE-2019-7281
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the malicious user to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
Primasystems Flexair
9
CVSSv2
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated malicious user to upload and execute malicious applications within the application’s web root with root privileges.
Primasystems Flexair
9
CVSSv2
CVE-2019-7670
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow malicious users to execute commands directly on the operating system.
Primasystems Flexair
6.5
CVSSv2
CVE-2019-7672
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated malicious user to escalate privileges.
Primasystems Flexair
5
CVSSv2
CVE-2019-7668
Prima Systems FlexAir devices have Default Credentials.
Primasystems Flexair
3.5
CVSSv2
CVE-2019-7671
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow a malicious user to execute arbitrary code in a user’s browser session in context of an affected site.
Primasystems Flexair
1 EDB exploit