
1282 matches found

CVE
added 2007/06/27 6:0 p.m. | 46 views

CVE-2007-3464

The CVE-2007-3464 entry concerns Check Point SofaWare Safe@Office (firmware before Embedded NGX 7.0.45 GA). The underlying issue is that the admin password change does not require the old password, enabling potential privilege escalation via CSRF attacks or similar vectors on an unattended workst...

CVSS 8.5 | AI score 7.1 | EPSS 0.01048
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2007/06/27 6:0 p.m. | 30 views

CVE-2007-3465

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password...

AI score 6.7 | EPSS 0.01495
Exploits: 0 | References: 4
securityvulns
added 2007/06/27 12:0 a.m. | 67 views

Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device

Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview Multiple versions of Check Point's Safe@Office UTM devi...

AI score 7.5
Exploits: 0
NVD
added 2007/05/16 10:30 p.m. | 18 views

CVE-2007-2730

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...

CVSS 7.2 | AI score 6.4 | EPSS 0.00321
Exploits: 0 | References: 4
Prion
added 2007/05/16 10:30 p.m. | 16 views

Design/Logic Flaw

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...

CVSS 7.2 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 4 | Affected Software: 3
CVE
added 2007/05/16 10:0 p.m. | 66 views

CVE-2007-2730

Technical details about CVE-2007-2730 are not publicly provided in the supplied documents. No explicit affected products, root cause, or fixes are described here. Monitor for updates from official advisories.

CVSS 7.2 | AI score 6.5 | EPSS 0.00321
Exploits: 0 | References: 4 | Affected Software: 3
Cvelist
added 2007/05/16 10:0 p.m. | 24 views

CVE-2007-2730

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified...

AI score 6.4 | EPSS 0.00321
Exploits: 0 | References: 4
NVD
added 2007/05/16 1:19 a.m. | 15 views

CVE-2007-2689

Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...

CVSS 7.8 | AI score 6.7 | EPSS 0.01976
Exploits: 0 | References: 4
CVE
added 2007/05/16 1:0 a.m. | 40 views

CVE-2007-2689

Check Point Web Intelligence is affected by CVE-2007-2689 due to improper handling of certain full-width and half-width Unicode character encodings in HTTP traffic processing. The underlying issue allows remote attackers to evade detection of HTTP traffic. Affected product: Check Point Web Intell...

CVSS 7.8 | AI score 6.7 | EPSS 0.01976
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2007/05/16 1:0 a.m. | 20 views

CVE-2007-2689

Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic...

AI score 6.7 | EPSS 0.01976
Exploits: 0 | References: 4
NVD
added 2007/04/24 4:19 p.m. | 12 views

CVE-2007-2174

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...

CVSS 7.2 | AI score 7.2 | EPSS 0.00411
Exploits: 0 | References: 8
Cvelist
added 2007/04/24 4:0 p.m. | 20 views

CVE-2007-2174

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...

AI score 7.2 | EPSS 0.00411
Exploits: 0 | References: 8
securityvulns
added 2007/04/24 12:0 a.m. | 45 views

[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation

CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubén Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device:“.SreScan”. Restricted accounts, including...

Exploits: 0
securityvulns
added 2007/04/21 12:0 a.m. | 54 views

iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability

Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability iDefense Security Advisory 04.20.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 20, 2007 I. BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware...

AI score 0.2
Exploits: 0
NVD
added 2007/04/18 3:19 a.m. | 16 views

CVE-2007-2083

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...

CVSS 6.9 | AI score 7.4 | EPSS 0.00773
Exploits: 0 | References: 5
Prion
added 2007/04/18 3:19 a.m. | 21 views

Design/Logic Flaw

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...

CVSS 6.9 | AI score 7.8 | EPSS 0.00773
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2007/04/18 2:20 a.m. | 57 views

CVE-2007-2083

This CVE (CVE-2007-2083) affects ZoneAlarm Pro and is caused by vsdatant.sys not validating arguments passed to hooked SSDT function handlers, enabling local attackers to crash the system or possibly execute arbitrary code via crafted arguments to NtCreateKey and NtDeleteFile. Affected product: Z...

CVSS 6.9 | AI score 7.4 | EPSS 0.00773
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2007/04/18 2:20 a.m. | 18 views

CVE-2007-2083

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the 1...

AI score 7.4 | EPSS 0.00773
Exploits: 0 | References: 5
Check Point Advisories
added 2007/03/29 12:0 a.m. | 1 views

Integrity Clientless Security (ICS) Update 3.7.147.0

Check Point Integrity™ Clientless Security (ICS) protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...

AI score 6.8
Exploits: 0
CVE
added 2007/02/27 2:0 a.m. | 60 views

CVE-2004-2679

CVE-2004-2679 affects Check Point Firewall-1 4.1 up to NG AI R55. The vulnerability arises when an attacker sends an Internet Key Exchange (IKE) message with a crafted Vendor ID payload, causing the firewall to reveal version information and potentially other details in its response. This is an i...

CVSS 7.8 | AI score 6.6 | EPSS 0.01426
Exploits: 0 | References: 4 | Affected Software: 1