104 matches found
CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...
CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...
CVE-2023-53960 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x SQL Injection via Authentication Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...
CVE-2023-53960
The CVE-2023-53960 entry relates to SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and describes an SQL injection in the index.php authentication flow that lets an attacker inject SQL via the password POST parameter to bypass authentication and potentially gain unauthorized access. The root cause is ...
Sound4 IMPACT 安全漏洞
Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A security vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from an insecure direct object reference that could lead to an authorization bypass...
Sound4 IMPACT 路径遍历漏洞
Sound4 IMPACT is a professional broadcast audio processor from the French company Sound4. A path traversal vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from a directory traversal in the upgfile parameter, which could lead to arbitrary file writes...
Sound4 IMPACT 操作系统命令注入漏洞
Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. An OS command injection vulnerability exists in Sound4 IMPACT v2.x. The vulnerability stems from an OS command injection in the password parameter, which could lead to remote command execution...
PT-2025-52701
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an unauthenticated issue in the /usr/cgi-bin/restorefactory.cgi endpoint. Remote attackers can send a POST request to this endpoint with specific data to trigger a...
PT-2025-52700
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an unauthenticated OS command injection issue that allows remote attackers to execute arbitrary shell commands. This is possible through the 'password' parameter in t...
SOUND4多款产品 SQL注入漏洞
SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. A SQL injection vulnerability exists in several SOUND4 products. The...
Sound4 IMPACT 跨站请求伪造漏洞
Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A cross-site request forgery vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from the fact that cross-site request forgery could lead to unauthorized administrative operations...
PT-2025-52696
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an insecure direct object reference issue. This allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the issue by...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
Sound4 IMPACT 安全漏洞
Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A security vulnerability exists in Sound4 IMPACT that stems from the firmware update mechanism not verifying the integrity of manual.sh, which could lead to remote code execution...
CVE-2025-63215
The CVE concerns the Sound4 IMPACT web-based management interface. A Remote Code Execution (RCE) exists in the firmware update flow because the update package does not verify the integrity of the script manual.sh; an attacker can modify this script and repackage the firmware to inject arbitrary c...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service (DoS)
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service DoS Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...