Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crlf vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-7161
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote malicious users to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
Fortinet Fortigate-1000 3.00
1 EDB exploit
7.5
CVSSv2
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow malicious users to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
Php Php
Openpkg Openpkg 1.1
Openpkg Openpkg 1.2
5
CVSSv2
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote malicious users to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Php Php 4.0.3
Php Php 4.2.0
Php Php 4.2.1
Php Php 4.0.1
Php Php 4.0.2
Php Php 4.1.1
Php Php 4.1.2
Php Php 3.0.18
Php Php 4.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.0.6
Php Php 4.2.2
Php Php 4.0.7
Php Php 4.1.0
5
CVSSv2
CVE-2002-1783
CRLF injection vulnerability in PHP 4.2.1 up to and including 4.2.3, when allow_url_fopen is enabled, allows remote malicious users to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file fu...
Php Php 3.0.14
Php Php 3.0.15
Php Php 4.0.6
Php Php 4.0.7
Php Php 4.2.3
Php Php 3.0.18
Php Php 4.0.3
Php Php 4.1.2
Php Php 4.2.0
Php Php 4.0.4
Php Php 4.0.5
Php Php 4.2.1
Php Php 4.2.2
Php Php 3.0.16
Php Php 3.0.17
Php Php 4.1.0
Php Php 4.1.1
7.5
CVSSv2
CVE-2020-15690
In Nim prior to 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
Nim-lang Nim
5
CVSSv2
CVE-2012-5572
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer prior to 1.3114 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.
Dancer Dancer
Dancer Dancer 1.3111 01
Dancer Dancer 1.3071
Dancer Dancer 1.150
Dancer Dancer 1.3111
Dancer Dancer 1.3110
Dancer Dancer 1.3079 5
Dancer Dancer 1.3079 3
Dancer Dancer 1.3112
Dancer Dancer 1.3060
5
CVSSv2
CVE-2021-29084
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 allows remote malicious users to read arbitrary ...
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller
9.3
CVSSv2
CVE-2007-4396
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi prior to 0.8.11 allow user-assisted remote malicious users to execute ar...
Irssi Irssi
NA
CVE-2024-32764
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following vers...
NA
CVE-2019-13609
CVE-2019-13609 - CRLF Vulnerability in Citrix License Server for Windows and VPX
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »