25 matches found
EUVD-2022-55939
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
EUVD-2022-55934
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...
EUVD-2022-55941
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting...
EUVD-2022-55936
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
EUVD-2022-55943
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2022-50792
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...
CVE-2022-50790
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
CVE-2022-50787
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
CVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...
CVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2022-50694
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...
CVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...
CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...
CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
PT-2025-54240
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description The software contains an unauthenticated file disclosure issue that allows remote attackers to access sensitive system files. Attackers can exploit the issue by manipulating the...
PT-2025-54235
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...
PT-2025-54242
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description The software contains an unauthenticated command injection issue. An attacker can inject arbitrary shell commands through the HTTP POST username parameter in the index.php and...
EUVD-2023-60249
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...