Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
primasystems vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and dis...
Primasystems Flexair
445
VMScore
CVE-2019-7668
Prima Systems FlexAir devices have Default Credentials.
Primasystems Flexair
801
VMScore
CVE-2019-7670
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow malicious users to execute commands directly on the operating system.
Primasystems Flexair
578
VMScore
CVE-2019-7672
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated malicious user to escalate privileges.
Primasystems Flexair
655
VMScore
CVE-2019-7666
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.
Primasystems Flexair
1 EDB exploit
801
VMScore
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated malicious user to upload and execute malicious applications within the application’s web root with root privileges.
Primasystems Flexair
355
VMScore
CVE-2019-7671
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an malicious user to execute arbitrary code in a user’s browser session in context of an affected site.
Primasystems Flexair
1 EDB exploit
905
VMScore
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authent...
Primasystems Flexair
1 EDB exploit
356
VMScore
CVE-2019-7280
Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote malicious user to obtain a valid session and bypass authentication.
Primasystems Flexair
605
VMScore
CVE-2019-7281
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the malicious user to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
Primasystems Flexair
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started