Lucene search
K

9 matches found

EUVD
EUVD
added 2025/12/31 12:31 a.m.5 views

EUVD-2022-55937

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

8.5CVSS7AI score0.03744EPSS
Exploits2References6
CVE
CVE
added 2025/12/30 10:41 p.m.12 views

CVE-2022-50795

The CVE-2022-50795 issue affects SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier, where traceroute.php mishandles /tmp, enabling a conditional command injection: local authenticated users can create malicious files in /tmp, and unauthenticated attackers can trigger execution via a single H...

8.5CVSS7.3AI score0.03713EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.26 views

CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

9.8CVSS0.03264EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.27 views

CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...

7.5CVSS0.00726EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.23 views

CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...

7.5CVSS0.00741EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.2 views

CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...

7.5CVSS6AI score0.00741EPSS
Exploits2References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.3 views

EUVD-2023-60248

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

9.8CVSS8.1AI score0.0303EPSS
Exploits2References5
OSV
OSV
added 2025/12/22 10:16 p.m.4 views

CVE-2023-53960

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

9.8CVSS6AI score0.00661EPSS
Exploits2References4
OSV
OSV
added 2025/12/22 10:16 p.m.5 views

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

9.3CVSS6.1AI score0.0303EPSS
Exploits2References4
Rows per page
Query Builder