18 matches found
CVE-2026-10055
CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...
CVE-2026-10055
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...
CVE-2026-10215 Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Use-after-free in WebRequestService
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
The vulnerability in the web interface of the Cisco Integrated Management Controller, a software tool for remote administration of servers, allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of the web interface for managing Cisco Integrated Management Controllers involves errors during the verification of data entered by the user in the Certificate Request Service function. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with ro...
Directory traversal
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavi...
CVE-2014-5160
HP Data Protector’s Cell Request Service crs.exe is affected by two directory traversal vulnerabilities (opcode 1091 and 305). The flaws allow remote, unauthenticated attackers to write or delete arbitrary files, with potential code execution in the service context. Affected component is crs.exe ...
HP Data Protector Cell Request Service Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Data Protector Cell Request Servic...
HP Data Protector CRS Opcode 235 Stack Buffer Overflow (CVE-2013-2325)
A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 235, which can result in a stack buffer overflow. A remote, unauthenticated...
HP Data Protector CRS Opcode 227 Stack Buffer Overflow (CVE-2013-2335)
A stack buffer overflow vulnerability has been discovered in HP Data Protector. The vulnerability exists in the Cell Request Service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 227, which can result in a stack buffer overflow. A remote,...
HP Data Protector CRS Opcode 234 Stack Buffer Overflow (CVE-2013-2326)
A buffer overflow has been reported in HP Data Protector. The vulnerability exists in the Cell Request Service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 234, which can result in a stack buffer overflow. A remote, unauthenticated attacker...
HP Data Protector CRS Opcode 305 Stack Buffer Overflow (CVE-2013-2330)
A stack buffer overflow has been reported in HP Data Protector. The vulnerability is in the Cell Request service, which listens on a randomly chosen port. The application fails to sanitize input with opcode 305, which can result in a stack-based buffer overflow. A remote, unauthenticated attacker...
Microsoft Windows Media Services 4.0/4.1 - Denial of Service (MS00-038)
// source: https://www.securityfocus.com/bid/1282/info Windows Media Encoder is part of Windows Media Services. It's purpose is to convert content into a suitable format for video or audio streaming through the Media Services. If a specially malformed request is sent to the Windows Media Encoder ...