Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crlf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and previous versions allows remote malicious users to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
University Of Kansas Lynx 2.8.2 Rel1
University Of Kansas Lynx 2.8.3
Elinks Elinks 0.3.2
Links Links 0.96
Elinks Elinks 0.2.4
University Of Kansas Lynx 2.8.4 Rel1
University Of Kansas Lynx 2.8.5 Dev8
University Of Kansas Lynx 2.8.3 Rel1
University Of Kansas Lynx 2.8.4
1 EDB exploit
NA
CVE-2007-4398
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Irssi Irssi
6.5
CVSSv3
CVE-2021-31249
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
Chiyu-tech Bf-430 Firmware -
Chiyu-tech Bf-431 Firmware -
Chiyu-tech Bf-450m Firmware -
NA
CVE-2006-1714
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote malicious users to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.
Phpmyforum Phpmyforum 4.0
1 EDB exploit
NA
CVE-2007-4400
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Konversation Konversation
NA
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to servlet.
Yealink Voip Phone Firmware 28.72.0.2
Yealink Voip Phone 28.2.0.128.0.0.0
6.1
CVSSv3
CVE-2016-6484
CRLF injection vulnerability in Infoblox Network Automation NetMRI prior to 7.1.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
Infoblox Netmri
NA
CVE-2008-7161
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote malicious users to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
Fortinet Fortigate-1000 3.00
1 EDB exploit
NA
CVE-2010-0155
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware prior to 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting a...
Ibm Proventia Network Mail Security System Virtual Appliance
Ibm Proventia Network Mail Security System Virtual Appliance Firmware 1.6
NA
CVE-2006-4523
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote malicious users to cause a denial of service (crash) via a CRLF sequence in a GET request.
2wire Inc Officeportal
2wire Inc Homeportal 1000w
2wire Inc Homeportal 100w
2wire Inc Homeportal 1500w
2wire Inc Homeportal 1000sw
2wire Inc Homeportal 1000
2wire Inc Homeportal 1000s
2wire Inc Homeportal
2wire Inc Homeportal 100s
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »