548 matches found
Code injection
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
security flaw
CRLF injection vulnerability in the mbsendmail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds LF in the "To" address argument...
CVE-2005-3058
Fortinet FortiGate/FortiOS 2.8MR10 and FortiGate v3beta expose a vulnerability where remote attackers can bypass the URL blocker by using HTTP requests terminated with a line feed (LF) instead of CRLF or by requests without a Host header. This interpretation conflict in parsing HTTP requests is t...
DEBIAN-CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...
DEBIAN-CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters...
iis4.0.smtp.DoS.txt
Date: Tue, 16 Feb 1999 14:03:43 -0600 From: Bug Traqqer To: [email protected] Subject: Re: IIS 4.0 SMTPSVC vs. QMAIL To all- if you find this problem happening to you there are fixes on both product sides. Qmail has provided a patch for stray line feeds. It is available through the...
Laravel CRLF injection in default email rule
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...