Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crlf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-5565
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote malicious users to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the proven...
Maxdev Md-pro
NA
CVE-2015-0881
CRLF injection vulnerability in Squid prior to 3.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Squid-cache Squid
NA
CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote malicious users to execute...
Tuomas Jormola Xmmsinfo 1.1.1.1
Ricardo Mesquita Ogg123 0.01
Mikachu L33t Xmms Music Showing Script 2.00
Simon Xmms2 1.1.3
Kristof Korwisi Ixmmsa 0.3
Irssi Irssi
Ricardo Mesquita Mpg123 0.01
NA
CVE-2007-2046
Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and previous versions and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and previous versions allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting ...
Openads Openads
NA
CVE-2007-2618
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has ...
Drake Team Drake Cms 0.4.0
NA
CVE-2023-38551
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.
6.1
CVSSv3
CVE-2021-45818
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.
Safarimontage Safari Montage 8.7.32
6.1
CVSSv3
CVE-2023-23950
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
Broadcom Symantec Identity Governance And Administration 14.3
Broadcom Symantec Identity Governance And Administration 14.4.1
Broadcom Symantec Identity Governance And Administration 14.4.2
Broadcom Symantec Identity Manager 14.4
Broadcom Symantec Identity Manager 14.3
6.1
CVSSv3
CVE-2019-12387
In Twisted prior to 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an malicious user to inject invalid characters such as CRLF.
Twistedmatrix Twisted
Fedoraproject Fedora 29
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
7.5
CVSSv3
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
Apache Unomi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »