Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crlf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and previous versions allows remote malicious users to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
University Of Kansas Lynx 2.8.2 Rel1
University Of Kansas Lynx 2.8.3
Elinks Elinks 0.3.2
Links Links 0.96
Elinks Elinks 0.2.4
University Of Kansas Lynx 2.8.4 Rel1
University Of Kansas Lynx 2.8.5 Dev8
University Of Kansas Lynx 2.8.3 Rel1
University Of Kansas Lynx 2.8.4
1 EDB exploit
NA
CVE-2007-4398
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Irssi Irssi
NA
CVE-2006-1714
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote malicious users to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.
Phpmyforum Phpmyforum 4.0
1 EDB exploit
NA
CVE-2007-4400
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Konversation Konversation
NA
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
6.5
CVSSv3
CVE-2021-31249
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
Chiyu-tech Bf-430 Firmware -
Chiyu-tech Bf-431 Firmware -
Chiyu-tech Bf-450m Firmware -
NA
CVE-2009-3962
The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software prior to 5.29.52 allows remote malicious users to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a...
2wire 1700hg
2wire 2700hg
2wire 2071
2wire 1701hg
2wire 1800hw
2wire 2701hg-t
1 EDB exploit
6.1
CVSSv3
CVE-2016-6484
CRLF injection vulnerability in Infoblox Network Automation NetMRI prior to 7.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Infoblox Netmri
NA
CVE-2010-0155
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware prior to 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting a...
Ibm Proventia Network Mail Security System Virtual Appliance
Ibm Proventia Network Mail Security System Virtual Appliance Firmware 1.6
NA
CVE-2006-4523
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote malicious users to cause a denial of service (crash) via a CRLF sequence in a GET request.
2wire Inc Officeportal
2wire Inc Homeportal 1000w
2wire Inc Homeportal 100w
2wire Inc Homeportal 1500w
2wire Inc Homeportal 1000sw
2wire Inc Homeportal 1000
2wire Inc Homeportal 1000s
2wire Inc Homeportal
2wire Inc Homeportal 100s
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »