{"vulnerability": "cve-2023-4767", "sightings": [{"uuid": "58f69321-d5e6-469b-a388-05e5ea4e543f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4767", "type": "seen", "source": "https://t.me/cibsecurity/73508", "content": "\u203c CVE-2023-4767 \u203c\n\nA CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T13:23:17.000000Z"}, {"uuid": "90f636d7-9f44-4988-8c1c-987727a28b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47674", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18072", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-47674\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.\n\ud83d\udccf Published: 2023-11-16T07:28:38.522Z\n\ud83d\udccf Modified: 2025-06-11T14:12:04.230Z\n\ud83d\udd17 References:\n1. https://www.c-first.co.jp/information/ddososhirase/\n2. https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf\n3. https://jvn.jp/en/vu/JVNVU99077347/", "creation_timestamp": "2025-06-11T14:31:23.000000Z"}]}