CVE-2019-7667 — CVSS 9.8 (critical): Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker…
CVE-2019-7671 — CVSS 9.0 (critical): Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user…
CVE-2019-7669 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote…
CVE-2019-9189 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the…
CVE-2019-7281 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker…
CVE-2019-7666 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password…
CVE-2019-7280 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which…
CVE-2019-7672 — CVSS 8.8 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which…
CVE-2019-7670 — CVSS 7.2 (high): Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended…