25 matches found
CVE-2026-11060
An use after free flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499018355...
CVE-2026-11060
creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:00+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2026-11060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT...
CVE-2026-11060
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11060
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2020-11060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an...
CVE-2024-11060
creationtimestamp| type| source ---|---|--- 2024-11-11 00:18:34+00:00| seen| https://infosec.exchange/users/cve/statuses/113461448806354716 2024-11-11 02:43:02+00:00| seen| https://t.me/cvedetector/10447...
CVE-2024-11060 Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection
A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch th...
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
GLPI GZIP(Py3) 9.4.5 - RCE
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
FreeBSD : glpi -- Remote Code Execution (RCE) via the backup functionality (832fd11b-3b11-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only...
CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2020-11060
GLPI prior to 9.4.6 contains a vulnerability in the backup functionality that allows executing system commands. Exploitation is theoretically possible without a valid account via CSRF, but effectively requires an account with Maintenance privileges and the right to add WIFI networks. The issue is...
CVE-2020-11060 Remote Code Execution in GLPI
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2020-11060
creationtimestamp| type| source ---|---|--- 2020-05-12 14:45:16+00:00| published-proof-of-concept| https://t.me/canyoupwnme/6428 2020-05-12 14:52:48+00:00| published-proof-of-concept| https://t.me/techpwnews/635 2021-06-15 01:19:34+00:00| seen| https://t.me/pwnwikizhchannel/649 2024-10-23...
CVE-2016-11060
creationtimestamp| type| source ---|---|--- 2020-04-28 20:35:10+00:00| seen| https://t.me/cibsecurity/11700...
CVE-2016-11060
Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10...
CVE-2016-11060
The provided data confirms CVE-2016-11060 involves NETGEAR devices affected by insecure TLS renegotiation. Affected products listed are SRX5308, FVS336Gv3, FVS318N, and FVS318Gv2 with vulnerable dates before 2017-02-10. The CNVD entry explicitly describes a Denial of Service impact resulting from...
CVE-2019-11060
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service DoS by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time...