crlf vulnerabilities and exploits
NA
CVE-2015-0881
CRLF injection vulnerability in Squid prior to 3.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Squid-cache Squid
NA
CVE-2006-5565
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote malicious users to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the proven...
Maxdev Md-pro
NA
CVE-2007-2046
Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and previous versions and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and previous versions allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting ...
Openads Openads
NA
CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote malicious users to execute...
Tuomas Jormola Xmmsinfo 1.1.1.1
Ricardo Mesquita Ogg123 0.01
Mikachu L33t Xmms Music Showing Script 2.00
Simon Xmms2 1.1.3
Kristof Korwisi Ixmmsa 0.3
Irssi Irssi
Ricardo Mesquita Mpg123 0.01
NA
CVE-2007-2618
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has ...
Drake Team Drake Cms 0.4.0
NA
CVE-2023-38551
A CRLF injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to a cross-site scripting attack.
6.1
CVSSv3
CVE-2021-45818
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.
Safarimontage Safari Montage 8.7.32
6.1
CVSSv3
CVE-2023-23950
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
Broadcom Symantec Identity Governance And Administration 14.3
Broadcom Symantec Identity Governance And Administration 14.4.1
Broadcom Symantec Identity Governance And Administration 14.4.2
Broadcom Symantec Identity Manager 14.4
Broadcom Symantec Identity Manager 14.3
6.1
CVSSv3
CVE-2019-12387
In Twisted prior to 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing a malicious user to inject invalid characters such as CRLF.
Twistedmatrix Twisted
Fedoraproject Fedora 29
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
NA
CVE-2009-1524
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty prior to 6.1.17 allows remote malicious users to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
Mortbay Jetty 1.0.1
Mortbay Jetty 6.1.5
Mortbay Jetty 6.1.0
Mortbay Jetty 6.1.12
Mortbay Jetty 4.2.25
Mortbay Jetty 5.1.3
Mortbay Jetty 6.0.0
Mortbay Jetty 1.3.1
Mortbay Jetty 3.0.a3
Mortbay Jetty 1.3.4
Mortbay Jetty 4.2.22
Mortbay Jetty 3.1.8
Mortbay Jetty 3.0.a0
Mortbay Jetty 6.1.15
Mortbay Jetty 4.2.1
Mortbay Jetty 2.0.4
Mortbay Jetty 2.2
Mortbay Jetty 2.2.8
Mortbay Jetty 5.1.2
Mortbay Jetty 5.1.5
Mortbay Jetty 5.1.13
Mortbay Jetty 3.0.a95