crlf vulnerabilities and exploits
5.8
CVSSv2
CVE-2019-7313
www/resource.py in Buildbot prior to 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
Buildbot Buildbot
5
CVSSv2
CVE-2014-3427
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
1 EDB exploit
4.6
CVSSv2
CVE-2006-5969
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and previous versions allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Fvwm Fvwm
4.3
CVSSv2
CVE-2020-3561
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to inject arbitrary HTTP headers in the responses of the affected system....
Cisco Firepower Threat Defense
Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Software
4.3
CVSSv2
CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlFor...
Mono Mono 1.0
Mono Mono 1.1.18
Mono Mono 1.1.4
Mono Project Mono 1.2.5
Mono Project Mono 1.2.6
Mono Mono 1.1.13.4
Mono Mono 1.1.13.6
Mono Mono 1.1.13.7
Mono Project Mono 1.2.1
Mono Project Mono 1.2.2
Mono Mono 1.0.5
Mono Mono 1.1.13
Mono Mono 1.1.8.3
Mono Mono 1.2.5.1
Mono Project Mono 1.9
Mono Project Mono
Mono Mono 1.1.17
Mono Mono 1.1.17.1
Mono Project Mono 1.2.3
Mono Project Mono 1.2.4
4.3
CVSSv2
CVE-2014-2016
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 al...
Oxid-esales Eshop
1 EDB exploit
5.8
CVSSv2
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition prior to 4.7.11 and 4.8.x prior to 4.8.4, Enterprise Edition prior to 5.0.11 and 5.1.x prior to 5.1.4, and Community Edition prior to 4.7.11 and 4.8.x prior to 4.8.4 allows remote malicious users to inject arbitrary ...
Oxidforge Eshop
1 EDB exploit
6.4
CVSSv2
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP he...
Nim-lang Nim
5
CVSSv2
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Nim-lang Nim
4.3
CVSSv2
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article