Simon Humbert

**Name of the Vulnerable Software and Affected Versions** Delta Electronics InfraSuite Device Master versions prior to 1.0.12 **Description** The issue is a deserialization vulnerability that targets the Device-Gateway, allowing deserialization of arbitrary .NET objects prior to authentication. This vulnerability could lead to remote code execution. **Recommendations** For versions prior to 1.0.12, update to version 1.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the Device-Gateway to minimize the risk of exploitation. Avoid using the ` gExtraInfo` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CNCSoft versions prior to 1.01.34 ScreenEditor versions prior to 1.01.5 **Description** The issue is caused by a stack-based buffer overflow. This could allow an attacker to remotely execute arbitrary code. **Recommendations** For CNCSoft versions prior to 1.01.34, update to version 1.01.34 or later. For ScreenEditor versions prior to 1.01.5, update to version 1.01.5 or later.

**Name of the Vulnerable Software and Affected Versions** ManageEngine ADManager Plus versions prior to 7181 **Description** The issue allows for authenticated users to exploit command injection via Proxy settings. This is due to the lack of neutralization of special elements used in the operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 7181, update to version 7181 or later to resolve the command injection issue in the Proxy settings. As a temporary workaround, consider restricting access to the Proxy settings until a patch is available.