26 matches found

CNNVD
added 2026/05/01 12:0 a.m. · 6 views

Mix PHP SQL injection vulnerability

Mix PHP is an open-source PHP command-line mode development framework that supports seamless switching between multiple server ecosystems. A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the data array parameter of th...

6.5 CVSS · 5.8 AI score · 0.00201 EPSS
Exploits 0 · References 1
EUVD
added 2025/12/31 12:31 a.m. · 3 views

EUVD-2022-55932

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

9.8 CVSS · 7.8 AI score · 0.03264 EPSS
Exploits 2 · References 6
OSV
added 2025/12/30 11:15 p.m. · 0 views

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...

9.8 CVSS · 5.8 AI score · 0.00512 EPSS
Exploits 2 · References 5
OSV
added 2025/12/30 11:15 p.m. · 2 views

CVE-2022-50787

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...

7.2 CVSS · 6 AI score
Exploits 0 · References 5
NVD
added 2025/12/30 11:15 p.m. · 2 views

CVE-2022-50787

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victi...

7.2 CVSS · 0.00393 EPSS
Exploits 2 · References 5
OSV
added 2025/12/30 11:15 p.m. · 3 views

CVE-2022-50694

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

9.8 CVSS · 6 AI score · 0.00815 EPSS
Exploits 2 · References 5
NVD
added 2025/12/30 11:15 p.m. · 2 views

CVE-2022-50692

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...

7.5 CVSS · 0.00502 EPSS
Exploits 2 · References 6
NVD
added 2025/12/30 11:15 p.m. · 3 views

CVE-2022-50695

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contain a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting...

8.7 CVSS · 0.0074 EPSS
Exploits 2 · References 5
Vulnrichment
added 2025/12/30 10:41 p.m. · 1 view

CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

9.8 CVSS · 7.9 AI score · 0.03264 EPSS
Exploits 2 · References 5
Vulnrichment
added 2025/12/30 10:41 p.m. · 1 view

CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

8.7 CVSS · 6.5 AI score · 0.01349 EPSS
Exploits 2 · References 5
CVE
added 2025/12/30 10:41 p.m. · 16 views

CVE-2022-50790

CVE-2022-50790 affects SOUND4 IMPACT/FIRST/PULSE/Eco 2.x and earlier. The root cause is an unauthenticated web script exposure (via webplay or ffmpeg scripts) that allows remote attackers to disclose live radio stream information. Impact is information disclosure of radio stream details; no integ...

7.5 CVSS · 6.4 AI score · 0.00726 EPSS
Exploits 2 · References 5 · Affected Software 1
Vulnrichment
added 2025/12/30 10:41 p.m. · 3 views

CVE-2022-50696 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Hardcoded Credentials Authentication Bypass

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions...

9.8 CVSS · 6.7 AI score · 0.00512 EPSS
Exploits 2 · References 5
Positive Technologies
added 2025/12/30 12:0 a.m. · 2 views

PT-2025-54242

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description: The software contains an unauthenticated command injection issue. An attacker can inject arbitrary shell commands through the HTTP POST username parameter in the index.php and...

9.8 CVSS · 7.9 AI score · 0.03264 EPSS
Exploits 2 · References 8
Positive Technologies
added 2025/12/30 12:0 a.m. · 2 views

PT-2025-54240

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description: The software contains an unauthenticated file disclosure issue that allows remote attackers to access sensitive system files. Attackers can exploit the issue by manipulating the...

9.8 CVSS · 6.5 AI score · 0.01349 EPSS
Exploits 2 · References 8
Positive Technologies
added 2025/12/22 12:0 a.m. · 3 views

PT-2025-52698

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description: The software contains a cross-site request forgery issue that may allow attackers to perform administrative actions without user consent. Attackers can create malicious web pages that subm...

5.3 CVSS · 6.4 AI score · 0.00159 EPSS
Exploits 2 · References 7
CNNVD
added 2025/12/22 12:0 a.m. · 2 views

Sound4 IMPACT path traversal vulnerability

Sound4 IMPACT is a professional broadcast audio processor from the French company Sound4. A path traversal vulnerability exists in Sound4 IMPACT version v2.x. The vulnerability stems from a directory traversal in the upgfile parameter, which could lead to arbitrary file writes...

8.8 CVSS · 6.8 AI score · 0.01042 EPSS
Exploits 2 · References 5
Positive Technologies
added 2023/04/27 12:0 a.m. · 3 views

PT-2023-2564 · Illumina · Illumina Universal Copy Service

Name of the Vulnerable Software and Affected Versions: Illumina Universal Copy Service versions 2.x Description: The issue is related to the binding of Illumina Universal Copy Service to an unrestricted IP address, allowing an unauthenticated malicious actor to use the service to listen on all IP...

10 CVSS · 8.1 AI score · 0.01812 EPSS
Exploits 0 · References 7
OSV
added 2023/03/02 2:15 a.m. · 1 view

CVE-2023-0228

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2...

8.8 CVSS · 7.3 AI score · 0.00347 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/08/03 2:0 p.m. · 1 view

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

6.5 CVSS · 5.8 AI score · 0.00645 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2021/08/16 12:0 a.m. · 5 views

Realtek Jungle SDK security vulnerability

The Realtek Jungle SDK, from China's Realtek Semiconductor (Realtek), provides an HTTP web server that exposes a management interface that can be used to configure access points. A security vulnerability exists in the Realtek Jungle SDK, which stems from a failure of the product's configuration...

10 CVSS · 8.4 AI score · 0.98059 EPSS
Exploits 2 · References 4