Skip to main content

Uptime Infrastructure Monitor

7 CVEs product

Monthly

CVE-2017-11471 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-11470 CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-11469 HIGH POC This Week

get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Uptime Infrastructure Monitor
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
7.2%
CVE-2015-8268 HIGH This Week

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-2896 MEDIUM This Month

The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2895 HIGH This Week

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Uptime Infrastructure Monitor
NVD
CVSS 3.0
7.3
EPSS
4.4%
CVE-2015-2894 MEDIUM This Month

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uptime Infrastructure Monitor
NVD
CVSS 3.0
5.3
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Uptime Infrastructure Monitor
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH POC This Week

get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Uptime Infrastructure Monitor
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
EPSS 4% CVSS 7.3
HIGH This Week

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Uptime Infrastructure Monitor
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uptime Infrastructure Monitor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy