9 matches found
EUVD-2022-55937
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...
CVE-2022-50795
The CVE-2022-50795 issue affects SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier, where traceroute.php mishandles /tmp, enabling a conditional command injection: local authenticated users can create malicious files in /tmp, and unauthenticated attackers can trigger execution via a single H...
CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...
CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream...
CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...
CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication...
EUVD-2023-60248
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...
CVE-2023-53960
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...
CVE-2023-53963
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...