Lucene search
K
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•252 views

Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)

An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...

6.1AI score0.02674EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/08/16 12:0 a.m.•178 views

DrayTek Routers Buffer Overflow (CVE-2022-32548)

A buffer overflow vulnerability exists in DrayTek Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

7.6AI score0.33795EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/05/26 12:0 a.m.•162 views

SQL Servers Time-based SQL Injection (CVE-2011-4710; CVE-2019-13978; CVE-2019-16065; CVE-2019-16119; CVE-2019-16383; CVE-2019-16692; CVE-2020-15468; CVE-2020-26518; CVE-2020-29284; CVE-2021-21915; CVE-2021-21916; CVE-2021-21917; CVE-2022-23337; CVE-2022-25149)

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...

9CVSS7.4AI score0.77956EPSS
Exploits33
Check Point Advisories
Check Point Advisories
•added 2016/03/22 12:0 a.m.•157 views

Cross-Site Scripting Scanning Attempt (CVE-2015-4661; CVE-2019-16385; CVE-2019-9167; CVE-2020-10946; CVE-2020-12261; CVE-2020-13228; CVE-2020-13627; CVE-2020-13628; CVE-2020-14953; CVE-2021-21801; CVE-2021-25080; CVE-2022-25305; CVE-2022-28102)

Remote attackers use Cross-Site Scripting scanning in order to locate potential Cross-Site Scripting vulnerabilities on a target server, which could be later used for attacks...

4.3CVSS3.8AI score0.842EPSS
Exploits26
Check Point Advisories
Check Point Advisories
•added 2020/09/05 12:0 a.m.•156 views

OCS Inventory NG CommandLine.php Command Injection (CVE-2020-14947)

A command injection vulnerability exists in OCS Inventory NG. The vulnerability is due to insufficient input validation in the CommandLine.php...

6.5CVSS2.9AI score0.19481EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2006/11/16 12:0 a.m.•150 views

Microsoft XMLHTTP Control Open Method Code Execution (MS06-071; CVE-2006-5745)

XML HTTP, an ActiveX control that is included in Microsoft XML Core Services MSXML, is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications...

7.6CVSS2.1AI score0.75946EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2013/08/12 12:0 a.m.•145 views

Web Servers Malicious HTTP Request Directory Traversal (CVE-2005-3299; CVE-2014-7174; CVE-2022-1476; CVE-2022-29806)

There exists a directory traversal vulnerability On different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the parameters in request body for the directory traversal patterns. Successful exploitation allows unauthenticated remo...

7.5CVSS7.5AI score0.67128EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2022/11/10 12:0 a.m.•142 views

Arris Routers Command Injection (CVE-2022-26990; CVE-2022-26991; CVE-2022-26992; CVE-2022-26993; CVE-2022-26994; CVE-2022-26995; CVE-2022-26996; CVE-2022-26997; CVE-2022-26998; CVE-2022-26999; CVE-2022-27000; CVE-2022-27001; CVE-2022-27002)

A command injection vulnerability exists in Arris Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS7.9AI score0.0612EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2020/06/16 12:0 a.m.•142 views

GitStack Authentication Bypass (CVE-2018-5955)

A vulnerability exists in smart-mobile-software GitStack. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7.5CVSS6.4AI score0.80982EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2017/12/17 12:0 a.m.•140 views

ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)

ROBOT Detect Scanner is a vulnerability scanning product. Remote attackers can use ROBOT Detect Scanner to detect vulnerabilities on a target server...

7.1CVSS3.3AI score0.45113EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/26 12:0 a.m.•138 views

Command Injection Over HTTP (CVE-2019-9166; CVE-2021-43936; CVE-2022-1813; CVE-2022-24086; CVE-2022-24193; CVE-2022-26536; CVE-2022-32092; CVE-2022-37810; CVE-2022-40048)

A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

10CVSS3.9AI score0.99199EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•127 views

Trend Micro objRemoveCtrl ActiveX Control Multiple Buffer Overflows - Ver2 (CVE-2008-3364)

Trend Micro OfficeScan is a centralized virus and security scan management system. A buffer overflow vulnerability has been reported in Trend Micro OfficeScan. The vulnerability is due to a boundary error in the OfficeScan ActiveX control objRemoveCtrl. To trigger this issue, an attacker may crea...

9.3CVSS7.2AI score0.32811EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/12/08 12:0 a.m.•123 views

Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6143)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in manipulating CAttrArray objects. Successful exploitation could cause memory corruption in a way that would allow attackers to execute code on the target...

9.3CVSS6.8AI score0.18763EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/02/21 12:0 a.m.•122 views

WordPress WP_Query SQL Injection (CVE-2022-21661)

An SQL injection vulnerability exists in WordPress WPQuery. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

5CVSS3.2AI score0.97795EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2021/12/30 12:0 a.m.•120 views

ElFinder File Manager Command Injection (CVE-2021-32682)

A command injection vulnerability exists in ElFinder. The vulnerability is due to insufficient validation of the file name when creating an archive...

7.5CVSS2.6AI score0.69934EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•120 views

IBM Rational Focal Point RequestAccessController Servlet Information Disclosure (CVE-2013-5398)

An information disclosure vulnerability has been reported in IBM Focal Point. The vulnerability is due to input validation error of file variable in com.telelogic.focalpoint.pres.controller.RequestAccessController servlet. A remote unauthenticated attacker could exploit this vulnerability to read...

5.8AI score0.0059EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/10/30 12:0 a.m.•119 views

TOTOLink A860R Command Injection (CVE-2022-25076; CVE-2022-25078; CVE-2022-25079; CVE-2022-25080; CVE-2022-25081; CVE-2022-25082; CVE-2022-25083; CVE-2022-25084)

A command injection vulnerability exists in TOTOLink A860R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.3AI score0.24845EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/02/03 12:0 a.m.•116 views

Apple Safari Parent.Close User After Free - Ver2 (CVE-2010-1939)

A use-after-free vulnerability has been reported in Apple Safari. The vulnerability is due to an error in Apple Safari while handling the termination and subsequent referencing between child and parent windows. A remote attacker could trigger this vulnerability by enticing a vulnerable target to...

7.1AI score0.14708EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•115 views

SQL Servers Unauthorized Commands SQL Injection - Ver2 (CVE-2014-3704)

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. SQL injection techniques can be used by attackers to exploit the Drupal vulnerability. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or...

7.5CVSS6.3AI score0.99974EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2014/01/07 12:0 a.m.•111 views

Oracle 9i HTTP Server soapConfig.xml Access Information Disclosure - Ver2 (CVE-2002-0568)

An information disclosure vulnerability has been reported in Oracle 9i Application Server. A remote attacker could trigger this vulnerability by requesting XSQLConfig.xml or soapConfig.xml through a virtual directory. Successful exploitation of this vulnerability would allow a remote attacker to...

2.1CVSS5.5AI score0.75176EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/07/16 12:0 a.m.•110 views

Citrix SD-WAN Center Multiple Command Injection Vulnerabilities (CVE-2019-12985; CVE-2019-12986; CVE-2019-12987; CVE-2019-12988; CVE-2019-12990; CVE-2019-12992)

Multiple Command Injection vulnerabilities exist in Citrix SD-WAN Center. Successful exploitation of these vulnerabilities would allow remote attackers to execute arbitrary commands on the remote host...

10CVSS6.3AI score0.4894EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2021/03/30 12:0 a.m.•109 views

Cross Site Scripting Over HTTP Traffic (CVE-2020-17952; CVE-2021-26475; CVE-2021-26702; CVE-2021-26723; CVE-2021-39496; CVE-2021-39499)

Cross Site Scripting Over HTTP Traffic...

7.5CVSS0.3AI score0.12578EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2022/05/23 12:0 a.m.•108 views

WordPress MasterStudy LMS Plugin Privilege Escalation (CVE-2022-0441)

A privilege escalation exists in WordPress MasterStudy LMS plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

7.5CVSS6.6AI score0.84943EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•108 views

Fourtwosevenbb showthread.php ForumID Parameter SQL Injection - Ver2 (CVE-2006-0154)

An SQL injection vulnerability has been reported in 427BB Fourtwosevenbb. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

4.7AI score0.01323EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2021/05/30 12:0 a.m.•107 views

Microsoft Windows Server Remote Code Execution (CVE-2009-3103)

Microsoft Server Message Block SMB Protocol is a Microsoft network file sharing protocol used in Microsoft Windows. A vulnerability exists in Microsoft Server Message Block SMB Protocol that could allow remote attackers to execute arbitrary code on the vulnerable system due to memory corruption...

10CVSS9.3AI score0.90121EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2009/09/09 12:0 a.m.•107 views

Microsoft Windows SMB Negotiate Request Remote Code Execution (CVE-2009-2532; CVE-2009-3103)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote code execution vulnerability has been reported in the Microsoft Server Message Block SMB Protocol. The vulnerability is due to a memory corruption error in the Microsoft Server Message Block SMB...

10CVSS9.4AI score0.90121EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2008/03/11 12:0 a.m.•107 views

Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)

Microsoft Office Web Components are a collection of Component Object Model COM controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. A remote code execution vulnerability has been reported in Microsoft Office Web Components. A...

9.3CVSS7.4AI score0.6202EPSS
Exploits34
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•106 views

Boite de News index.php url_index Parameter PHP Code Execution - Ver2 (CVE-2006-4123)

A code execution vulnerability has been reported in Boite de News. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.2AI score0.0249EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/01/31 12:0 a.m.•106 views

Firebird SQL op_connect_request Denial of Service (CVE-2009-2620)

Firebird sometimes called FirebirdSQL is a relational database management system offering many ANSI SQL-2003 features. It runs on Linux, Windows, and a variety of Unix platforms. Started as a fork of Borland's open source release of InterBase, the Firebird codebase is maintained by the Firebird...

5CVSS6.8AI score0.08631EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•104 views

Tenda Routers Command Injection (CVE-2022-24170; CVE-2022-24171; CVE-2022-28572; CVE-2022-34595; CVE-2022-34596; CVE-2022-34597)

A command injection vulnerability exists in Tenda Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS7.8AI score0.02956EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•104 views

Light Weight Calendar index.php date Parameter PHP Code Execution - Ver2 (CVE-2006-0206)

A code execution vulnerability has been reported in Light Weight Calendar. The vulnerability is due to the application does not validating the 'date' variable upon submission to the 'index.php' script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrar...

7.6AI score0.04279EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/03 12:0 a.m.•103 views

TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)

A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.6AI score0.03986EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2022/11/21 12:0 a.m.•100 views

Kentico CMS Remote Code Execution (CVE-2019-10068)

A remote code execution vulnerability exists in Kentico CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.6AI score0.96031EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•100 views

MF Piadas admin.php page Parameter PHP Code Execution - Ver2 (CVE-2006-3323)

A cross-site scripting vulnerability has been reported in MF Piadas. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5AI score0.07615EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/10/27 12:0 a.m.•100 views

Corel PaintShop Pro Insecure Library Loading (CVE-2013-0733)

A code execution vulnerability exists in Corel's PaintShop Pro...

7.2AI score0.05108EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/11/26 12:0 a.m.•99 views

W3-Total-Cache Wordpress-plugin Username and Hash Extract (CVE-2012-6077)

An information disclosure vulnerability has been reported in W3 Total Cache Plugin for Wordpress...

6.9AI score0.05378EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•98 views

Fourtwosevenbb Cookie-based Authentication Bypass - Ver2 (CVE-2006-0153)

An authentication bypass vulnerability has been reported in 427BB Fourtwosevenbb. A remote attacker could trigger this vulnerability by using a valid username and usertype and setting the authenticated cookie. Successful exploitation of this vulnerability would allow remote attackers to gain...

6.9AI score0.03381EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2006/07/11 12:0 a.m.•98 views

Update Protection against Microsoft Excel Vulnerabilities (MS06-037)

Microsoft Excel is prone to multiple vulnerabilities that may allow remote attackers to take any action with an affected system. When Excel opens a specially crafted Excel file that results from the processing of a malformed file, it may corrupt system memory, potentially allowing for remote code...

9.3CVSS7.1AI score0.41113EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/10/18 12:0 a.m.•97 views

Apache HTTP Server Server-Side Request Forgery (CVE-2021-40438)

A Server Side Request Forgery vulnerability exists in Apache HTTP Server. A remote attacker may exploit this issue by making a specially crafted HTTP request. Successful exploitation would allow attackers to create HTTP requests on behalf of the vulnerable server...

6.8CVSS9.1AI score0.99999EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/05/10 12:0 a.m.•97 views

Cisco Data Center Network Manager SQL Injection (CVE-2019-15984)

An SQL injection vulnerability exists in Cisco Data Center Network Manager. The vulnerability is due to insufficient input validation when processing HTTP requests in the Java class smartLicensingController...

9CVSS1.7AI score0.46935EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2019/07/07 12:0 a.m.•97 views

Schneider Electric Modicon Multiple Denial Of Service Vulnerabilities (CVE-2018-7843; CVE-2018-7852; CVE-2018-7853; CVE-2018-7854; CVE-2018-7855; CVE-2018-7856; CVE-2018-7857; CVE-2019-6807)

Multiple denial of service vulnerabilities exist in Schneider Electric Modicon. A remote unauthenticated attacker could send crafted UMAS command packets to cause denial of service conditions...

5CVSS3.8AI score0.03614EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2018/02/06 12:0 a.m.•97 views

WordPress Core Load Script Denial of Service (CVE-2018-6389)

A Denial of Service vulnerability exists within WordPress Core Load Script. This vulnerability is due to the way WordPress handles large array loads. Successful exploitation could lead to a denial of service...

5CVSS1.2AI score0.73098EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/08/06 12:0 a.m.•97 views

HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)

A command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to...

10CVSS4.8AI score0.89394EPSS
Exploits34
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•97 views

WoWRoster subdir Parameter PHP Code Execution - Ver2 (CVE-2006-3997)

A code execution vulnerability has been reported in WoWRoster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6AI score0.03352EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/07/13 12:0 a.m.•97 views

Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)

Multiple remote code execution vulnerabilities have been reported in Microsoft Office Web Components ActiveX Controls. Microsoft Office Web Components are a collection of Component Object Model COM controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the publish...

9.3CVSS7.7AI score0.6202EPSS
Exploits28
Check Point Advisories
Check Point Advisories
•added 2020/03/25 12:0 a.m.•96 views

qdPM Remote Code Execution (CVE-2020-7246)

A remote code execution vulnerability exists in qdPM. Successful exploitation of this vulnerability could result in execution of arbitrary code on the affected system...

6.5CVSS4.1AI score0.83235EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2019/12/26 12:0 a.m.•96 views

Verot Class.upload.php Remote Code Execution (CVE-2019-19576; CVE-2019-19634)

A file upload vulnerability exists in class.upload.php. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.7AI score0.26184EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2010/02/28 12:0 a.m.•96 views

Portable Executable (PE) 16-bit File (CVE-2010-0232; CVE-2011-2003)

An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to...

9.3CVSS6.2AI score0.29253EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2010/02/12 12:0 a.m.•96 views

Update Protection against Windows Kernel Exception Handler Vulnerability (MS10-015)

An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system, providing system level services such as device management and memory management. An attacker who successfully exploite...

7.2CVSS6.5AI score0.29253EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2022/11/17 12:0 a.m.•95 views

rpc.py Project Remote Code Execution (CVE-2022-35411)

A remote code execution vulnerability exists in rpc.py Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.7AI score0.45862EPSS
Exploits7
Total number of security vulnerabilities5000