Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.
5.3CVSS
5.8AI Score
0.002EPSS
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
7.3CVSS
7.7AI Score
0.004EPSS
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command.
5.3CVSS
5.6AI Score
0.002EPSS
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
7.5CVSS
7.4AI Score
0.003EPSS
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
9.8CVSS
9.5AI Score
0.045EPSS
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
7.5CVSS
8.6AI Score
0.007EPSS
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
9.8CVSS
9.8AI Score
0.002EPSS
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
9.8CVSS
9.8AI Score
0.002EPSS