Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery
27.03.2023
Rafael Pedrero
Low
SmarterStats 11.3.6347 Cross Site Scripting
02.10.2017
David Hoyt
High
Dropbear SSHD xauth Command Injection / Bypass
17.03.2016
dropbear
High
OpenSSH 7.2p1 xauth Command Injection / Bypass
16.03.2016
tintinweb
Low
NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities
08.03.2015
Wang Jing
CVEMAP Search Results
CVE
Details
Description
2024-03-12
CVE-2024-1226
Updating...
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.
2023-11-03
CVE-2023-4767
Updating...
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
CVE-2023-4768
Updating...
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.
2022-07-19
CVE-2022-31150
Updating...
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.
2022-02-18
Medium
CVE-2022-0666
Vendor:
Microweber
Software:
Microweber
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
2021-12-12
Medium
CVE-2021-4097
Vendor:
Phpservermonitor
Software:
Php server m...
phpservermon is vulnerable to Improper Neutralization of CRLF Sequences
2021-08-27
CVE-2021-39172
Updating...
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.
2019-08-26
Medium
CVE-2017-18587
Vendor:
Hyper
Software:
Hyper
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
2019-08-07
Medium
CVE-2016-10803
Vendor:
Cpanel
Software:
Cpanel
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
2019-06-27
Low
CVE-2018-6148
Vendor:
Google
Software:
Chrome
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Copyright
2024
, cxsecurity.com
Back to Top