SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allow an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilization of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a hardcoded credential vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated directory traversal file write vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username persistent cross site scripting vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an information disclosure vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in dns.php.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated radio stream disclosure vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in ping.php.
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from an unauthenticated file disclosure vulnerability.
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a services related authenticated command injection vulnerability.