crlf vulnerabilities and exploits
445
VMScore
CVE-2007-3709
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote malicious users to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header.
Codeigniter Codeigniter 1.5.3
383
VMScore
CVE-2015-5204
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android prior to 1.3.0 allows remote malicious users to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.
Apache Cordova File Transfer
445
VMScore
CVE-2005-0493
CRLF injection vulnerability in bizmail.cgi in Biz Mail Form prior to 2.2 allows remote malicious users to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.
Seth M. Knorr Biz Mail Form
668
VMScore
CVE-2007-0892
CRLF injection vulnerability in phpMyVisites prior to 2.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
Matthieu Aubry Phpmyvisites 1.2.2
Matthieu Aubry Phpmyvisites 1.0
Matthieu Aubry Phpmyvisites 1.3
Matthieu Aubry Phpmyvisites 1.2 Beta
Matthieu Aubry Phpmyvisites 0.1 Beta
Matthieu Aubry Phpmyvisites 1.2.1
Matthieu Aubry Phpmyvisites 1.1
Matthieu Aubry Phpmyvisites 1.2
Matthieu Aubry Phpmyvisites
755
VMScore
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and previous versions, including 9.0.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Oracle Application Server Portal 10g
Oracle Application Server Portal 9.0.2
1 EDB exploit
383
VMScore
CVE-2020-11441
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable."
Phpmyadmin Phpmyadmin 5.0.2
435
VMScore
CVE-2004-2512
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and previous versions allows remote malicious users to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Codeworx Technologies Dcp-portal 3.7
Codeworx Technologies Dcp-portal 5.0.2
Codeworx Technologies Dcp-portal 5.2
Codeworx Technologies Dcp-portal 4.1
Codeworx Technologies Dcp-portal 5.3
Codeworx Technologies Dcp-portal 5.0.1
Codeworx Technologies Dcp-portal
Codeworx Technologies Dcp-portal 5.3.1
Codeworx Technologies Dcp-portal 4.5.1
Codeworx Technologies Dcp-portal 4.2
Codeworx Technologies Dcp-portal 4.0
Codeworx Technologies Dcp-portal 5.1
1 EDB exploit
383
VMScore
CVE-2009-1591
CRLF injection vulnerability in CGI RESCUE Web Mailer prior to 1.04 allows remote malicious users to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.
Cgi Rescue Cgi Web Mailer
445
VMScore
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote malicious users to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Geeklog Geeklog 1.35
Geeklog Geeklog 1.3.5 Sr1
505
VMScore
CVE-2006-3105
CRLF injection vulnerability in Bitweaver 1.3 allows remote malicious users to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
Bitweaver Bitweaver 1.3
1 EDB exploit