Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-26013
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-26059
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-26065
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
9.8
CVSSv3
CVE-2022-26069
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
6.1
CVSSv3
CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
Deltaww Diaenergie
4.8
CVSSv3
CVE-2021-38411
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an malicious user to remotely execute co...
Deltaww Dialink
7.8
CVSSv3
CVE-2021-38416
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an malicious user to use DLL hijacking and takeover the system where the software is installed.
Deltaww Dialink
4.8
CVSSv3
CVE-2021-38488
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an malicious user to remotely execute code.
Deltaww Dialink
5.9
CVSSv3
CVE-2021-38418
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an malicious user to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
Deltaww Dialink
8.8
CVSSv3
CVE-2018-7494
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
Deltaww Wplsoft
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »