1282 matches found
CVE-2007-3464
The CVE-2007-3464 entry concerns Check Point SofaWare Safe@Office (firmware before Embedded NGX 7.0.45 GA). The underlying issue is that the admin password change does not require the old password, enabling potential privilege escalation via CSRF attacks or similar vectors on an unattended workst...
CVE-2007-3465
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password...
Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device
Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview Multiple versions of Check Point's Safe@Office UTM devi...
CVE-2007-2730
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...
Design/Logic Flaw
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...
CVE-2007-2730
Technical details about CVE-2007-2730 are not publicly provided in the supplied documents. No explicit affected products, root cause, or fixes are described here. Monitor for updates from official advisories.
CVE-2007-2730
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...
CVE-2007-2689
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...
CVE-2007-2689
Check Point Web Intelligence is affected by CVE-2007-2689 due to improper handling of certain full-width and half-width Unicode character encodings in HTTP traffic processing. The underlying issue allows remote attackers to evade detection of HTTP traffic. Affected product: Check Point Web Intell...
CVE-2007-2689
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...
CVE-2007-2174
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...
CVE-2007-2174
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...
[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubén Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device: “.SreScan”. Restricted accounts, including...
iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability
Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability iDefense Security Advisory 04.20.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 20, 2007 I. BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware...
CVE-2007-2083
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...
Design/Logic Flaw
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...
CVE-2007-2083
This CVE (CVE-2007-2083) affects ZoneAlarm Pro and is caused by vsdatant.sys not validating arguments passed to hooked SSDT function handlers, enabling local attackers to crash the system or possibly execute arbitrary code via crafted arguments to NtCreateKey and NtDeleteFile. Affected product: Z...
CVE-2007-2083
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...
Integrity Clientless Security (ICS) Update 3.7.147.0
Check Point Integrity Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...
CVE-2004-2679
CVE-2004-2679 affects Check Point Firewall-1 4.1 up to NG AI R55. The vulnerability arises when an attacker sends an Internet Key Exchange (IKE) message with a crafted Vendor ID payload, causing the firewall to reveal version information and potentially other details in its response. This is an i...