Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2020/09/22 12:0 a.m.•47 views

Microsoft Office Remote Code Execution (CVE-2017-0261)

A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...

3.3AI score0.7813EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/08/31 12:0 a.m.•47 views

Apache Archiva Command Injection (CVE-2020-9495)

A command injection vulnerability exists in Apache Archiva. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

5CVSS5.8AI score0.08004EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/07/29 12:0 a.m.•47 views

SuperWebMailer Remote Code Execution (CVE-2020-11546)

A remote code execution vulnerability exists in SuperWebMailer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.3AI score0.32841EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/07/27 12:0 a.m.•47 views

GoAhead Command Injection (CVE-2019-15311; CVE-2019-15310; CVE-2019-15312)

A command injection vulnerability exists in GoAhead. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...

10CVSS7.5AI score0.08257EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2020/07/06 12:0 a.m.•47 views

Joomla Saxum Astro Component SQL Injection (CVE-2018-7180)

A vulnerability exists in Saxum2003 astro 4.0.14. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7.5CVSS5.8AI score0.02759EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/04/27 12:0 a.m.•47 views

Schneider Electric IGSSupdateservice Directory Traversal (CVE-2020-7478)

A directory traversal vulnerability exists in Schneider Electric IGSS SCADA System. The vulnerability is due to improper handling of a user-supplied path in IGSSupdateservice service...

5CVSS2.8AI score0.03966EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/03/26 12:0 a.m.•47 views

Citrix Gateway Cache Bypass (CVE-2020-10111)

A cache bypass vulnerability exists in Citrix Gateway. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

5CVSS4.9AI score0.0195EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2020/03/15 12:0 a.m.•47 views

OpenSMTPD Remote Code Execution (CVE-2020-8794)

A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.3AI score0.889EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2020/02/03 12:0 a.m.•47 views

WordPress Code Snippets Plugin Cross Site Request Forgery (CVE-2020-8417)

A cross site request forgery vulnerability exists in WordPress Code Snippets plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the affected system...

6.8CVSS2.8AI score0.11905EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2019/10/09 12:0 a.m.•47 views

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1335)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS5.1AI score0.09509EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/03/12 12:0 a.m.•47 views

Microsoft Internet Explorer Security Feature Bypass (CVE-2019-0768)

A security bypass vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...

4.3CVSS6AI score0.48501EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2018/10/21 12:0 a.m.•47 views

SugarCRM Cross-Site Scripting (CVE-2018-17784)

A cross-site scripting vulnerability exists in SugarCRM 6.5.26. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.9AI score0.04353EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2018/07/01 12:0 a.m.•47 views

WellinTech KingView Buffer Overflow - Ver2 (CVE-2011-0406; CVE-2012-1830)

A buffer overflow vulnerability exists in WellinTech KingView. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

10CVSS5.3AI score0.20939EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2018/04/11 12:0 a.m.•47 views

Spring Web Flow SPEL Command Injection (CVE-2017-4971) - Ver2

A command injection vulnerability exists in Spring Web. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

4.3CVSS5.6AI score0.15858EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/02/04 12:0 a.m.•47 views

OrientDB Groovy Wrapper Remote Code Execution (CVE-2017-11467)

A remote code execution vulnerability exists in OrientDB server. The vulnerability is due privilege escalation when the server receives a specially crafted request. A remote attacker can exploit this vulnerability to gain privilege rights and execute arbitrary code...

10CVSS4.6AI score0.73071EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/08/28 12:0 a.m.•47 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8670)

A remote code execution Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS4.3AI score0.68729EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/08/28 12:0 a.m.•47 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8671)

An off-by-one vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to the way Microsoft Edge Chakra JavaScript engine renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...

7.6CVSS7.2AI score0.69277EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/05/08 12:0 a.m.•47 views

Moodle Remote Code Execution (CVE-2017-2641)

A remote code execution vulnerability exists in Moodle. The vulnerability is due to object injection through a legacy user preferences setting. A remote attacker can exploit this vulnerability to execute PHP code at the vulnerable Moodle server...

7.5CVSS3AI score0.1453EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/04/27 12:0 a.m.•47 views

Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure (CVE-2017-8225)

An information disclosure vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

7.5CVSS8.5AI score0.18005EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/11/20 12:0 a.m.•47 views

Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)

A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the responsetype parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code...

6.5CVSS3.5AI score0.79176EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/10/11 12:0 a.m.•47 views

Microsoft Edge Memory Corruption (MS16-119: CVE-2016-3386)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

9.3CVSS7.3AI score0.41323EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/09 12:0 a.m.•47 views

Microsoft Windows Elevation of Privilege (MS16-014: CVE-2016-0040)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel verifies memory address. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted code...

7.2CVSS5AI score0.24554EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•47 views

Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)

Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...

9.3CVSS3.6AI score0.22364EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•47 views

Adobe Acrobat and Reader ToolButton Use After Free (APSB13-15) - Ver2 (CVE-2013-3346)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the handling of callback functions associated with ToolButton objects. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted file. Successful...

10CVSS7AI score0.78581EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/02/03 12:0 a.m.•47 views

Internet Explorer Same Origin Policy Bypass (CVE-2015-0072)

A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by...

4.3CVSS6AI score0.71698EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/10/02 12:0 a.m.•47 views

op5 Monitor license.php Remote Command Execution (CVE-2012-0261)

A command execution vulnerability has been reported in op5 Monitor. The vulnerability is due to an input validation flaw related to the system-op5config component. A remote attacker can exploit this vulnerability to execute arbitrary shell commands via command injection...

10CVSS4.8AI score0.73949EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•47 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

5.8CVSS5.2AI score0.18278EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/08/25 12:0 a.m.•47 views

Symantec Endpoint Protection Manager secars.dll Buffer Overflow (CVE-2013-1612)

A buffer overflow vulnerability exists in Symantec Endpoint Protection Manager SEPM. The vulnerability is caused by insufficient boundary check while processing external input. By supplying a crafted HTTP request to the vulnerable server, a remote unauthenticated attacker can possibly exploit thi...

7.9CVSS7.7AI score0.04383EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/02/03 12:0 a.m.•47 views

Internet Explorer iepeers.dll Use-After-Free - Ver2 (CVE-2010-0806)

A use-after-free vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.1AI score0.82172EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2013/11/12 12:0 a.m.•47 views

Microsoft Windows InformationCardSigninHelper Class ActiveX Control Code Execution (MS13-090; CVE-2013-3918)

A remote code execution vulnerability exists in the InformationCardSigninHelper Class ActiveX control, icardie.dll...

7.3AI score0.73872EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2013/10/21 12:0 a.m.•47 views

Multiple Products DVR Configuration Disclosure (CVE-2013-1391)

A configuration disclosure vulnerability has been reported in the DVR web server of multiple vendors which allows authentication bypass. A remote attacker could get the unencrypted configuration file by requesting the "/DVR.cfg" without entering credentials. Successful exploitation of this...

5CVSS7.3AI score0.76109EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/09/22 12:0 a.m.•47 views

HP LoadRunner WriteFileString Directory Traversal - ver 2 (CVE-2013-4798)

A directory traversal and file overwrite vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient input sanitization, which permits directory traversal in theWriteFileString method. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visi...

10CVSS6.3AI score0.67723EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/03/05 12:0 a.m.•47 views

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...

7.5AI score0.23843EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/24 12:0 a.m.•47 views

Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow (CVE-2012-5960)

A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing service name URIs in the function called from the SSDP protocol parser. A remote attacker can exploit this vulnerability to execute...

7.6AI score0.32627EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2012/12/03 12:0 a.m.•47 views

Dries Buytaert Drupal Core OpenID Module Information Disclosure (CVE-2012-4554)

An information disclosure vulnerability has been reported in Dries Buytaert Drupal Core. The vulnerability is due to an input validation error when handling specially crafted OpenID responses. A remote attacker can exploit this issue by sending a specially crafted OpenID response to the target...

5CVSS5.6AI score0.15812EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2012/10/14 12:0 a.m.•47 views

Ruby on Rails Hash SQL Injection (CVE-2012-2695)

An SQL injection vulnerability has been reported in Ruby on Rails Active Record...

7.6AI score0.02924EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2012/08/20 12:0 a.m.•47 views

phpBB viewtopic.php URL Decoding Code Execution (CVE-2004-1315)

A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...

7.5CVSS8.1AI score0.72096EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2012/07/10 12:0 a.m.•47 views

Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046; CVE-2012-1854)

A remote code execution vulnerability has been reported in Microsoft Visual Basic for Applications VBA...

7.3AI score0.21028EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2011/06/07 12:0 a.m.•47 views

Novell Netware XNFS.NLM Stack Buffer Overflow (CVE-2010-4227)

Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. A stack buffer overflow vulnerability exists in Novell Netware product. A remote attacker could trigger this flaw by sending a malicious NFS RPC request to the...

10CVSS7.5AI score0.16819EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/10/18 12:0 a.m.•47 views

Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow (CVE-2010-3552)

Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will allow execution of arbitrar...

10CVSS7AI score0.8074EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2010/10/12 12:0 a.m.•47 views

Internet Explorer HtmlDlgHelper Class Memory Corruption (MS10-071; CVE-2010-3329)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. To trigger this issue, ...

9.3CVSS7AI score0.28842EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2010/08/03 12:0 a.m.•47 views

Novell iManager Class Name Remote Buffer Overflow (CVE-2010-1929)

Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. A buffer overflow vulnerability exists in Novell iManager. The vulnerability is d...

9CVSS7.6AI score0.16097EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2010/07/27 12:0 a.m.•47 views

HP OpenView NNM getnnmdata.exe CGI Hostname Parameter Buffer Overflow (CVE-2010-1555)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow vulnerability...

10CVSS1.9AI score0.64447EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2010/06/08 12:0 a.m.•47 views

Internet Explorer CStyleSheet Uninitialized Memory Corruption (MS10-035; CVE-2010-1259; CVE-2010-1262)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. The vulnerabilities are due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigger this issue, an attacker may create a malicious web page...

9.3CVSS7.3AI score0.33056EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2010/04/18 12:0 a.m.•47 views

IBM Lotus Domino Web Access ActiveX Controls Buffer Overflow (CVE-2007-4474)

IBM Lotus Domino Web Access is a Web browser-based client platform that provides functionality similar to that of IBM Lotus Notes. With Lotus Domino Web Access, the user can send encrypted rich text e-mails, schedule meetings, manage tasks, collaborate with colleagues and so on. There exists a...

9.3CVSS7.5AI score0.44184EPSS
Exploits25
Check Point Advisories
Check Point Advisories
•added 2009/12/22 12:0 a.m.•47 views

Oracle Database Server MD2 package VALIDATE_GEOM procedure Buffer Overflow (CVE-2004-1364)

Oracle database can natively manage geographic and location data. MD2 is one of the packages installed to provide the location and spatial data operations. This package is owned by user MDSYS and granted public execution permission by default. An input validation vulnerability exists within a...

8.5CVSS7.4AI score0.13782EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2009/12/22 12:0 a.m.•47 views

F-Secure Anti-Virus LHA Processing Buffer Overflow (CVE-2004-0234)

F-Secure Corporation protects individuals and businesses against computer viruses and other threats spreading through the Internet and mobile networks. F-Secure Anti-Virus is an anti-virus solution for both the enterprise and the desktop. It is available for both Windows and Linux. Additionally, ...

10CVSS7.3AI score0.10262EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2009/12/08 12:0 a.m.•47 views

Microsoft WordPad and Office Text Converter Memory Corruption (MS09-073; CVE-2009-2506)

WordPad Text Converters allow users who do not have Microsoft Office Word installed to open documents in other Microsoft Windows applications. A remote code execution vulnerability has been reported in Microsoft WordPad and Office Word. The vulnerability is due to a memory corruption error in the...

9.3CVSS7.4AI score0.31232EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/06 12:0 a.m.•47 views

mIRC PRIVMSG Message Processing Buffer Overflow (CVE-2008-4449)

Internet Relay Chat IRC is a form of instant messaging over the Internet. It is mainly designed for group communication in discussion forums called channels, but also allows one-to-one communication via private messages. mIRC is a popular IRC client for Microsoft Windows. There exists a buffer...

9.3CVSS7.6AI score0.38737EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/11/24 12:0 a.m.•47 views

Preemptive Protection against Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands...

9.3CVSS6.5AI score0.71802EPSS
Exploits4
Total number of security vulnerabilities5000