Vulmon
crlf vulnerabilities and exploits
516
VMScore
CVE-2019-7313
www/resource.py in Buildbot prior to 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
Buildbot Buildbot
505
VMScore
CVE-2014-3427
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
1 EDB exploit
409
VMScore
CVE-2006-5969
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and previous versions allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Fvwm Fvwm
383
VMScore
CVE-2020-3561
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to inject arbitrary HTTP headers in the responses of the affected system....
Cisco Firepower Threat Defense
Cisco Adaptive Security Appliance
Cisco Adaptive Security Appliance Software
383
VMScore
CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlFor...
Mono Project Mono 1.2.4
Mono Project Mono 1.2.1
Mono Project Mono 1.9
Mono Project Mono 1.2.6
Mono Mono 1.1.13.4
Mono Mono 1.1.13
Mono Mono 1.0
Mono Mono 1.1.8.3
Mono Project Mono 1.2.3
Mono Mono 1.1.17.1
Mono Mono 1.2.5.1
Mono Mono 1.1.18
Mono Mono 1.0.5
Mono Project Mono 1.2.5
Mono Mono 1.1.13.7
Mono Project Mono
Mono Mono 1.1.17
Mono Project Mono 1.2.2
Mono Mono 1.1.4
Mono Mono 1.1.13.6
435
VMScore
CVE-2014-2016
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and previous versions, 4.7.x prior to 4.7.11, and 4.8.x prior to 4.8.4, and Enterprise Edition 4.6.8 and previous versions, 5.0.x prior to 5.0.11 and 5.1.x prior to 5.1.4 al...
Oxid-esales Eshop
1 EDB exploit
585
VMScore
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition prior to 4.7.11 and 4.8.x prior to 4.8.4, Enterprise Edition prior to 5.0.11 and 5.1.x prior to 5.1.4, and Community Edition prior to 4.7.11 and 4.8.x prior to 4.8.4 allows remote malicious users to inject arbitrary ...
Oxidforge Eshop
1 EDB exploit
570
VMScore
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP he...
Nim-lang Nim
445
VMScore
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Nim-lang Nim
383
VMScore
CVE-2017-5868
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote malicious users to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PAT...
Openvpn Openvpn Access Server 2.1.4
1 Article