Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww diaenergie vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-44544
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.
Deltaww Diaenergie
6.1
CVSSv3
CVE-2021-31558
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
Deltaww Diaenergie
6.1
CVSSv3
CVE-2021-44471
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32955
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an malicious user to remotely execute code.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an malicious user to add a new administrative user without being authenticated or authorized, which may allow the malicious user to log in and use the device with administrative privileges.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of...
Deltaww Diaenergie
4.3
CVSSv3
CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an malicious user to cause a user to carry out an action unintentionally.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-25980
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-43774
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an malicious user to gain code execution on a remote system.
Deltaww Diaenergie 1.9.0
9.8
CVSSv3
CVE-2022-43775
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an malicious user to gain code execution on a remote system.
Deltaww Diaenergie 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »