Lucene search
K

104 matches found

Vulnrichment
Vulnrichment
added 2025/12/22 9:37 p.m.3 views

CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.8CVSS6.8AI score0.00758EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/12/22 9:37 p.m.26 views

CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.8CVSS0.00758EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/22 9:37 p.m.4 views

CVE-2023-53960 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x SQL Injection via Authentication Bypass

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

9.8CVSS8.1AI score0.00661EPSS
Exploits2References4
CVE
CVE
added 2025/12/22 9:37 p.m.23 views

CVE-2023-53960

The CVE-2023-53960 entry relates to SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and describes an SQL injection in the index.php authentication flow that lets an attacker inject SQL via the password POST parameter to bypass authentication and potentially gain unauthorized access. The root cause is ...

9.8CVSS8.1AI score0.00661EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Sound4 IMPACT 安全漏洞

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A security vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from an insecure direct object reference that could lead to an authorization bypass...

9.8CVSS6.7AI score0.00758EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Sound4 IMPACT 路径遍历漏洞

Sound4 IMPACT is a professional broadcast audio processor from the French company Sound4. A path traversal vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from a directory traversal in the upgfile parameter, which could lead to arbitrary file writes...

8.8CVSS6.8AI score0.01042EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Sound4 IMPACT 操作系统命令注入漏洞

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. An OS command injection vulnerability exists in Sound4 IMPACT v2.x. The vulnerability stems from an OS command injection in the password parameter, which could lead to remote command execution...

9.8CVSS7.8AI score0.0303EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52701

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an unauthenticated issue in the /usr/cgi-bin/restorefactory.cgi endpoint. Remote attackers can send a POST request to this endpoint with specific data to trigger a...

8.8CVSS7AI score0.00872EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.4 views

PT-2025-52700

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an unauthenticated OS command injection issue that allows remote attackers to execute arbitrary shell commands. This is possible through the 'password' parameter in t...

9.8CVSS8.1AI score0.0303EPSS
Exploits2References9
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.6 views

SOUND4多款产品 SQL注入漏洞

SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. A SQL injection vulnerability exists in several SOUND4 products. The...

9.8CVSS7.9AI score0.00661EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Sound4 IMPACT 跨站请求伪造漏洞

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A cross-site request forgery vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from the fact that cross-site request forgery could lead to unauthorized administrative operations...

5.1CVSS6.6AI score0.00159EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.8 views

PT-2025-52696

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an insecure direct object reference issue. This allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the issue by...

9.8CVSS6.7AI score0.00758EPSS
Exploits2References9
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.12 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2CVSS7.7AI score0.00413EPSS
Exploits1References1
OSV
OSV
added 2025/11/18 10:15 p.m.11 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2CVSS6AI score0.00413EPSS
Exploits1References3
NVD
NVD
added 2025/11/18 10:15 p.m.6 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2CVSS0.00413EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.9 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

0.00413EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

Sound4 IMPACT 安全漏洞

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. A security vulnerability exists in Sound4 IMPACT that stems from the firmware update mechanism not verifying the integrity of manual.sh, which could lead to remote code execution...

7.2CVSS7.8AI score0.00413EPSS
Exploits1References4
CVE
CVE
added 2025/11/18 12:0 a.m.14 views

CVE-2025-63215

The CVE concerns the Sound4 IMPACT web-based management interface. A Remote Code Execution (RCE) exists in the firmware update flow because the update package does not verify the integrity of the script manual.sh; an attacker can modify this script and repackage the firmware to inject arbitrary c...

7.2CVSS7.3AI score0.00413EPSS
Exploits1References3Affected Software1
0day.today
0day.today
added 2023/03/31 12:0 a.m.143 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/31 12:0 a.m.160 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service (DoS)

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service DoS Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...

7.4AI score
Exploits0
Rows per page
Query Builder