cbcvebase.

Idera Uptime Infrastructure Monitor vulnerabilities

8 known vulnerabilities affecting idera/uptime_infrastructure_monitor.

Total CVEs
8
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2015-9263P2CRITICALCVSS 9.8PoCv7.4.0v7.5.02018-08-27
CVE-2015-9263 [CRITICAL] CWE-434 CVE-2015-9263: An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (b An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
nvd
CVE-2017-11470P3CRITICALCVSS 9.8PoCv7.82017-07-20
CVE-2017-11470 [CRITICAL] CWE-89 CVE-2017-11470: IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxe IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
nvd
CVE-2017-11471P3CRITICALCVSS 9.8PoCv7.82017-07-20
CVE-2017-11471 [CRITICAL] CWE-89 CVE-2017-11471: IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getme IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
nvd
CVE-2017-11469P3HIGHCVSS 7.5PoCv7.82017-07-20
CVE-2017-11469 [HIGH] CWE-22 CVE-2017-11469: get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
nvd
CVE-2015-8268P3HIGHCVSS 7.5v7.5v7.62016-06-10
CVE-2015-8268 [HIGH] CWE-200 CVE-2015-8268: The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attacker The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2015-2895P3HIGHCVSS 7.3v7.42015-12-31
CVE-2015-2895 [HIGH] CWE-119 CVE-2015-2895: Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
nvd
CVE-2015-2896P4MEDIUMCVSS 5.3≤ 7.62015-12-31
CVE-2015-2896 [MEDIUM] CWE-200 CVE-2015-2896: The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obt The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
nvd
CVE-2015-2894P4MEDIUMCVSS 5.3v6.0v7.22015-12-31
CVE-2015-2894 [MEDIUM] CWE-134 CVE-2015-2894: Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
nvd
Idera Uptime Infrastructure Monitor vulnerabilities | cvebase