Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator.
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
SQL injection vulnerability exists in GetDIAE_usListParameters.
SQL injection vulnerability exists in GetDIAE_slogListParameters.
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
SQL injection vulnerability exists in the script Handler_CFG.ashx.
SQL injection vulnerability exists in GetDIAE_astListParameters.
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
SQL injection vulnerability exists in GetDIAE_unListParameters.
​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution
Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution.
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.
​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code.
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post's custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user.
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.