66 matches found
Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check
Check Point VPN-1 PAT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2008 Tim Brown and Portcullis Computer Security Ltd Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2008-1397
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service site-to-site VPN tunnel outage, and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's...
Code injection
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service site-to-site VPN tunnel outage, and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's...
CVE-2008-1397
Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service site-to-site VPN tunnel outage, and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's...
Check Point VPN-1 information disclosure vulnerability
Overview The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. Description The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual...
CVE-2008-1208
Cross-site scripting XSS vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2008-1208
Cross-site scripting XSS vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter...
Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/28116/info Check Point VPN-1 UTM Edge is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting
Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/28116/info Check Point VPN-1 UTM Edge is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issu...
Design/Logic Flaw
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials...
CVE-2008-0662
CVE-2008-0662 affects Check Point VPN-1 SecuRemote/SecureClient NGX for Windows (R60 and R56). The Auto Local Logon feature caches credentials in the Checkpoint\SecuRemote registry key which has Everyone/Full Control permissions, enabling local users to read and reuse credentials to gain privileg...
Check Point VPN-1/FireWall-1 4.1 SP2 Blocked Port Bypass Exploit
No description provided by source. / Summary A vulnerability exists in Check Point VPN-1/FireWall-1 4.1 SP2 that enables an attacker to establish connections to blocked TCP services through the firewall in certain configurations. We expect many deployed FireWall-1 installations to be immune to th...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2007-3489
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2007-3489
CVE-2007-3489 affects Check Point VPN-1 Edge X Embedded NGX 7.0.33x with CSRF in the management interface (pop/WizU.html). A remote attacker can perform privileged actions as administrators, demonstrated by a request using swuuser and swupass parameters to add an administrator account. The vulner...
CVE-2007-3489
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2006-0255
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient could allow local privilege escalation via a malicious program.exe placed in the C:\ folder, which is executed when SecureClient launches Sr_GUI.exe. Affected product: Check Point VPN-1 SecureClient. Root cause: unquoted...
CVE-2006-0255
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the SrGUI.exe program...
CVE-2006-0255
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the SrGUI.exe program...