Vulmon
crlf vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-11441
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable."
Phpmyadmin Phpmyadmin 5.0.2
NA
CVE-2006-3105
CRLF injection vulnerability in Bitweaver 1.3 allows remote malicious users to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
Bitweaver Bitweaver 1.3
1 EDB exploit
NA
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Devellion Cubecart 3.0.15
NA
CVE-2007-4612
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote malicious users to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
Dale Mooney Contact Form
NA
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) prior to 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key ...
Sips Sips
NA
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote malicious users to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
An An-httpd 1.42n
1 EDB exploit
NA
CVE-2007-1608
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) prior to 6.0.2.19 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
Ibm Websphere Application Server
NA
CVE-2007-4401
Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Mirc Advanced Integration Plugin
NA
CVE-2006-7087
CRLF injection vulnerability in the mail function in Dotdeb PHP prior to 5.2.0 Rev 3 allows remote malicious users to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Dotdeb Dotdeb Php 4.4.4
Dotdeb Dotdeb Php 5.2
Dotdeb Dotdeb Php 4.4.3
Dotdeb Dotdeb Php 5.0
Dotdeb Dotdeb Php 5.1
Dotdeb Dotdeb Php 4.4
NA
CVE-2005-2854
CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote malicious users to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers.
Thesitewizard.com Chfeedback.pl Feedback Form Perl Script 2.0.1