cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4767,https://securityvulnerability.io/vulnerability/CVE-2023-4767,Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central,A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.,Manageengine,Desktop Central,6.1,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2023-11-03T11:15:00.000Z,0
CVE-2023-4768,https://securityvulnerability.io/vulnerability/CVE-2023-4768,Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central,A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.,Manageengine,Desktop Central,6.1,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2023-11-03T11:15:00.000Z,0
CVE-2023-4769,https://securityvulnerability.io/vulnerability/CVE-2023-4769,Server-Side Request Forgery in ManageEngine Desktop Central,"An SSRF vulnerability has been identified in ManageEngine Desktop Central, particularly in the /smtpConfig.do component. This flaw may allow authenticated attackers to conduct targeted attacks, including cross-port exploitation and service enumeration, by crafting malicious HTTP requests. Attackers can leverage this vulnerability to gain unauthorized access to internal services or execute other disruptive maneuvers within the network environment.",ManageEngine,Desktop Central,8.8,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-11-03T11:15:00.000Z,0
CVE-2021-28960,https://securityvulnerability.io/vulnerability/CVE-2021-28960,Unauthenticated Command Injection in Zoho ManageEngine Desktop Central,"Zoho ManageEngine Desktop Central versions prior to build 10.0.683 are affected by an unauthenticated command injection vulnerability. This issue arises from the improper handling of user inputs during on-demand operations, allowing attackers to execute arbitrary commands without authentication. This vulnerability poses a risk by potentially allowing unauthorized access and manipulation of the system.",Manageengine,Desktop Central,9.8,CRITICAL,0.007499999832361937,false,,false,false,false,,,false,false,,2021-09-21T12:46:18.000Z,0
CVE-2015-8249,https://securityvulnerability.io/vulnerability/CVE-2015-8249,,The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.,Manageengine,Desktop Central,9.8,CRITICAL,0.961929976940155,false,,false,false,false,,,false,false,,2017-09-28T01:29:00.000Z,0