Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Idera Subscribe
Filtered by product Uptime Infrastructure Monitor
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9263 1 Idera 1 Uptime Infrastructure Monitor 2018-11-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
CVE-2017-11471 1 Idera 1 Uptime Infrastructure Monitor 2017-07-24 7.5 HIGH 9.8 CRITICAL
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVE-2017-11470 1 Idera 1 Uptime Infrastructure Monitor 2017-07-24 7.5 HIGH 9.8 CRITICAL
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVE-2017-11469 1 Idera 1 Uptime Infrastructure Monitor 2017-07-24 5.0 MEDIUM 7.5 HIGH
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVE-2015-8268 1 Idera 1 Uptime Infrastructure Monitor 2016-06-10 5.0 MEDIUM 7.5 HIGH
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-2896 1 Idera 1 Uptime Infrastructure Monitor 2015-12-31 5.0 MEDIUM 5.3 MEDIUM
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
CVE-2015-2895 1 Idera 1 Uptime Infrastructure Monitor 2015-12-31 7.5 HIGH 7.3 HIGH
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
CVE-2015-2894 1 Idera 1 Uptime Infrastructure Monitor 2015-12-31 5.0 MEDIUM 5.3 MEDIUM
Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.