Beyond Security’s SecuriTeam Secure Disclosure program

3 exploits Active since Jul 2017
CVE-2017-11469 EXPLOITDB HIGH WRITEUP
IDERA Uptime Monitor 7.8 - Path Traversal
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVSS 7.5
CVE-2017-11470 EXPLOITDB CRITICAL WRITEUP
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVSS 9.8
CVE-2017-11471 EXPLOITDB CRITICAL WORKING POC
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS 9.8