
9 matches found

Github Security Blog
added 2024/09/06 9:37 p.m. | 29 views

Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2 CVSS | 6.6 AI score | 0.00381 EPSS
Exploits 0 | References 9 | Affected Software 2

CVE
added 2022/11/30 12:0 a.m. | 79 views

CVE-2022-46156

CVE-2022-46156 : Grafana’s Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access does not guarantee checks due to API denying connections from already-connected agents, but token exposure sti...

7.2 CVSS | 5.6 AI score | 0.00381 EPSS
Exploits 0 | References 6 | Affected Software 1

RedhatCVE
added 2020/04/08 5:0 a.m. | 32 views

CVE-2018-5735

The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar...

7.5 CVSS | 4.3 AI score | 0.28496 EPSS
Exploits 0 | References 1

exploitpack
added 2018/05/30 12:0 a.m. | 35 views

Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

7.5 CVSS | 0.4 AI score | 0.73712 EPSS
Exploits 10

securityvulns
added 2014/09/25 12:0 a.m. | 236 views

[oss-security] Re: CVE-2014-6271: remote code execution through bash

MITRE is currently using CVE-2014-7169 to track the report of the incomplete patch, i.e., incorrect function parsing that's present in builds that are up-to-date with the http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. We realize that...

10 CVSS | 0.9422 EPSS
Exploits 139

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Apple OS X Software Update Command Execution

No description provided by source. $Id: softwareupdate.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

7.1 AI score
Exploits 0

Packet Storm
added 2009/12/31 12:0 a.m. | 40 views

Apple OS X Software Update Command Execution

$Id: softwareupdate.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

9.3 CVSS | 0.74998 EPSS
Exploits 4

Metasploit
added 2007/12/18 4:30 a.m. | 28 views

Apple OS X Software Update Command Execution

This module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means...

9.3 CVSS | 7.2 AI score | 0.74998 EPSS
Exploits 4

securityvulns
added 2007/12/18 12:0 a.m. | 36 views

Apple OS X Software Update Remote Command Execution

Apple Mac OS X Software Update Remote Command Execution Vulnerability. Copyright c 2007 Moritz Jodeit [email protected] 2007/12/17. I. Vulnerability Descriptio...

0.2 AI score
Exploits 0