16 matches found
CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly...
EUVD-2006-0215
Malware in sbrugna...
EUVD-2015-8717
Malware in sbrugna...
CVE-2025-46814 FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...
SUSE CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument...
SUSE CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...
SUSE CVE-2015-8852
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP...
CVE-2022-23701
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...
CVE-2022-23701
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware versions: Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with...
Cisco IronPort C350 Header Injection
#!/usr/bin/perl -w Cisco IronPort C350 Remote Header 'Host' Injection Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
Microsoft Outlook Web Access Build 15.1.1591 Header Injection
#!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...
PT-2016-4045 · Varnish · Varnish
Name of the Vulnerable Software and Affected Versions: Varnish versions 3.x through 3.0.6. Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with...
DEBIAN-CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...
PT-2014-2313 · Plone +2 · Plone +2
Name of the Vulnerable Software and Affected Versions: Zope versions prior to 2.13.19; Plone versions prior to 4.3 beta 1. Description: The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest._scrubHeader function. Recommendations...
CVE-2011-3187
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...