5 matches found
CVE-2014-3427
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...
Crlf injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...
CVE-2014-3427
CVE-2014-3427 affects Yealink VoIP Phones (validated on firmware 28.72.0.2) and arises from CRLF injection in the servlet handling the model parameter, enabling remote header injection and HTTP response splitting. Impact, as stated: arbitrary HTTP headers can be injected via the model parameter t...
Cross site scripting
Cross-site scripting XSS vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet...
CVE-2014-3428
Cross-site scripting XSS vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet...