cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4767,https://securityvulnerability.io/vulnerability/CVE-2023-4767,Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central,A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.,Manageengine,Desktop Central,6.1,MEDIUM,0.001339999958872795,false,false,false,false,,false,false,2023-11-03T11:15:00.000Z,0
CVE-2023-4768,https://securityvulnerability.io/vulnerability/CVE-2023-4768,Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central,A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.,Manageengine,Desktop Central,6.1,MEDIUM,0.001339999958872795,false,false,false,false,,false,false,2023-11-03T11:15:00.000Z,0
CVE-2023-4769,https://securityvulnerability.io/vulnerability/CVE-2023-4769,Server-Side Request Forgery in ManageEngine Desktop Central,"A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.",ManageEngine,Desktop Central,8.8,HIGH,0.0012799999676644802,false,false,false,false,,false,false,2023-11-03T11:15:00.000Z,0
CVE-2021-28960,https://securityvulnerability.io/vulnerability/CVE-2021-28960,,Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.,Manageengine,Desktop Central,9.8,CRITICAL,0.007499999832361937,false,false,false,false,,false,false,2021-09-21T12:46:18.000Z,0
CVE-2015-8249,https://securityvulnerability.io/vulnerability/CVE-2015-8249,,The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.,Manageengine,Desktop Central,9.8,CRITICAL,0.961929976940155,false,false,false,false,,false,false,2017-09-28T01:29:00.000Z,0