EUVD-2023-60244

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

CVE-2023-53963

CVE-2023-53963 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and describes an unauthenticated OS command injection via the password parameter in login.php and index.php, enabling remote command execution with web server privileges. Public references document a PoC and multiple exploits (e.g., Exploi...

CVE-2023-53961

CVE-2023-53961 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x (and related SOUND4 processors per ZSL reference) with a cross-site request forgery. The issue allows an attacker to cause administrative actions on a logged-in user’s session by visiting a malicious page that submits HTTP requests to the ...

CVE-2023-53961 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Cross-Site Request Forgery

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

CVE-2023-53955 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

SOUND4多款产品 SQL注入漏洞

SOUND4 IMPACT and others are products of the French company SOUND4.SOUND4 IMPACT is a professional audio processor for broadcasting.SOUND4 FIRST is an audio processor for broadcasting.SOUND4 PULSE is an audio processor. A SQL injection vulnerability exists in several SOUND4 products. The...

SOUND4多款产品 访问控制错误漏洞

SOUND4 IMPACT and others are products of SOUND4, a French company.SOUND4 IMPACT is a professional broadcast audio processor.SOUND4 FIRST is a broadcast audio processor.SOUND4 PULSE is an audio processor. An access control error vulnerability exists in various SOUND4 products that originates in th...

PT-2025-52697

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an SQL injection flaw in the 'index.php' authentication process. An attacker can manipulate login credentials by injecting malicious SQL code through the password POS...

PT-2025-52701

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description The software contains an unauthenticated issue in the /usr/cgi-bin/restorefactory.cgi endpoint. Remote attackers can send a POST request to this endpoint with specific data to trigger a...

CVE-2025-66501

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVE-2025-68613

creationtimestamp| type| source ---|---|--- 2025-12-20 00:05:16+00:00| seen| https://infosec.exchange/users/offseq/statuses/115748969807044248 2025-12-20 00:05:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3maevthtqni2n 2025-12-22 09:44:34+00:00| seen|...

CVE-2025-62000

BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the first four bytes unaltered. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other...

AI Advertising Company Hacked

At least some of this is coming to light: Doublespeed, a startup backed by Andreessen Horowitz a16z that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked. The hack reveals what products the AI-generated accounts are promoting...

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process CVE-2018-0802 to download and execute malicious cod...

CVE-2025-66501

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVE-2025-66501

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVE-2025-66501

Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...

CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...