SQL injection vulnerability exists in GetDIAE_usListParameters.

It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.

Improper neutralization of input within the affected product could lead to cross-site scripting.

SQL injection vulnerability exists in GetDIAE_astListParameters.

Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.

SQL injection vulnerability exists in GetDIAE_slogListParameters.

SQL injection vulnerability exists in GetDIAE_unListParameters.

SQL injection vulnerability exists in the script Handler_CFG.ashx.

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.