CVE-2007-4397: CRLF Injection

First published: Sat Aug 18 2007(Updated: )

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/severity
• agent/remedy
• agent/weakness
• agent/last-modified-date
• agent/references
• agent/author
• agent/description
• agent/first-publish-date
• agent/event
• agent/source
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-historical
• vendor/irssi
• canonical/irssi irssi
• version/irssi irssi/0.8.10rc5
• vendor/kristof korwisi
• canonical/kristof korwisi ixmmsa
• version/kristof korwisi ixmmsa/0.3
• vendor/mikachu
• canonical/mikachu l33t xmms music showing script
• version/mikachu l33t xmms music showing script/2.00
• vendor/ricardo mesquita
• canonical/mpg123
• version/mpg123/0.01
• canonical/ricardo mesquita ogg123
• version/ricardo mesquita ogg123/0.01
• vendor/simon
• canonical/simon xmms2
• version/simon xmms2/1.1.3
• vendor/tuomas jormola
• canonical/tuomas jormola xmmsinfo
• version/tuomas jormola xmmsinfo/1.1.1.1