Checkpoint Arba protection bypass

It's possible to bypass sandbox protection...

VMware Workstation Multiple Vulnerabilities (VMSA-2012-0011)

The VMware Workstation install detected on the remote host is 7.x earlier than 7.1.6, or 8.0.x earlier than 8.0.4 and is, therefore, potentially affected by the following vulnerabilities : - A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary co...

VMware Player Multiple Vulnerabilities (VMSA-2012-0011)

The VMware Player install detected on the remote host is 3.x earlier than 3.1.6, or 4.0.x, earlier than 4.0.4 and is, therefore, potentially affected by the following vulnerabilities : - A memory corruption error exists related to the handling of 'Checkpoint' files that can allow arbitrary code...

Checkpoint Endpoint Connect DLL hijacking

It's possible to load user provided library into system process...

VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0011 Synopsis: VMware hosted products and ESXi and ESX patches address security issues Issue date: 2012-06-14 Updated on: 2012-06-1...

Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack

Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack ================================================================================ Summary : Checkpoint Endpoint Connect VPN is prone to DLL hijacking Date : 12 June 2012 Affected versions : Endpoint Security VPN R75 Remote Access...

VMSA-2012-0011 VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.

The remote ESXi is missing one or more security related Updates from VMSA-2012-0011. Summary VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues. Relevant releases: Workstation 8.0.3 Workstation 7.1.5 Player 4.0.3 Player 3.1.5 Fusion 4.1.2 ESXi 5.0 without patch...

CVE-2012-3288

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denia...

Memory corruption

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denia...

CVE-2012-3288

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denia...

VMSA-2012-0011:VMware hosted products and ESXi and ESX patches address security issues

VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0011 VMware Security Advisory Synopsis: VMware hosted products and ESXi and ESX patches address security issues VMware Security Advisory...

CheckPoint Firewall / VPN-1 information leakage

It's possible to obtain host names...

OSI Security: CheckPoint Firewall VPN - Information Disclosure

CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...

CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

This module sends a query to the port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station such as SmartCenter name via a pre-authentication request. The string returned is the CheckPoint Internal CA CN for SmartCenter and the firewall host. Whilst...

hadoop-secondary-namenode-info NSE Script

Retrieves information from an Apache Hadoop secondary NameNode HTTP status page. Information gathered: Date/time the service was started Hadoop version Hadoop compile date Hostname or IP address and port of the master NameNode server Last time a checkpoint was taken How often checkpoints are take...

CheckPoint SSL VPN ActiveX code execution

Unsafe methods allow file upload and execute...

CheckPoint Security Management products symbolic links vulnerability

Symbolic links vulnerability during installation...

Checkpoint VPN privilege escalation

It's possible to obtain Local System privileges...

Checkpoint VPN - Priviledge Escalation

It appears this bug has gone unoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unecessary risk. To counteract I'd like to drop this note. Checkpoint SNX...

Checkpoint Firewall ESMTP Service Detection

Binary data 5929.prm...