Lucene search
K
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2005/02/01 12:0 a.m.•83 views

Microsoft Windows ANI File Parsing Buffer Overflow (MS05-002; CVE-2004-1049; CVE-2007-0038)

...

9.3CVSS6.4AI score0.7288EPSS
Exploits25
Check Point Advisories
Check Point Advisories
•added 2022/11/02 12:0 a.m.•82 views

AtomCMS SQL Injection (CVE-2022-24223)

An SQL injection vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

7.5CVSS3.6AI score0.61965EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/11/02 12:0 a.m.•82 views

TypeORM FindOne Authentication Bypass (CVE-2022-33171)

An authentication bypass vulnerability exists in TypeORM FindOne. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

7.5CVSS6.2AI score0.20299EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2018/11/22 12:0 a.m.•82 views

Paloaltonetworks Panos Remote Code Execution (CVE-2017-15944) - Ver2

A remote code execution vulnerability exists in paloaltonetworks panos. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.9834EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2018/07/05 12:0 a.m.•82 views

Foxit Reader PDF Use After Free Code Execution (CVE-2018-9948)

A remote code execution vulnerability exists in Foxit Reader. The vulnerability is due to a use-after-free error in Foxit Reader while handling a specially crafted PDF file. Successful exploitation could lead to arbitrary code execution...

4.3CVSS4AI score0.64074EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2022/11/17 12:0 a.m.•81 views

CuppaCMS Remote Code Execution (CVE-2022-37190)

A remote code execution vulnerability exists in CuppaCMS. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7AI score0.45769EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/10/23 12:0 a.m.•81 views

WordPress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in WordPress Email Template Designer. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

4.3CVSS6.1AI score0.70511EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2022/05/15 12:0 a.m.•81 views

Jenkins Script Security Plugin Remote Code Execution (CVE-2019-1003029)

A remote code execution vulnerability exists in Jenkins Script Security Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS4.6AI score0.73854EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2020/02/27 12:0 a.m.•81 views

Elog Project Denial of Service (CVE-2019-3995; CVE-2020-8859)

A denial of service vulnerability exists in Elog. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

5CVSS4.8AI score0.28547EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2019/10/16 12:0 a.m.•81 views

Atlassian Jira Service Desk Server and Data Center Path Traversal (CVE-2019-14994)

A directory traversal vulnerability exists in Atlassian Jira Service Desk Server and Data Center. The vulnerability is due to a lack of proper validation of a user-supplied path...

4.3CVSS4.3AI score0.05876EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/07/29 12:0 a.m.•81 views

XiongMai uc-httpd Buffer Overflow (CVE-2018-10088)

A remote code execution vulnerability exists in XiongMai uc-httpd. The vulnerability is due to a buffer overflow. Successful exploitation would allow an attacker to execute arbitrary code on the target...

10CVSS5.2AI score0.40386EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•81 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2016-3652)

A cross-site-scripting vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient input validation on user-supplied input. A remote attacker could exploit this vulnerability by enticing authenticated users to click on a crafted link...

3.5CVSS3.4AI score0.02552EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/06/24 12:0 a.m.•81 views

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution (CVE-2013-0230)

A stack buffer overflow has been reported in MiniUPnP 1.0 SOAP. The vulnerability is due to a boundary error when processing SOAPAction HTTP requests. A remote attacker can exploit this issue by sending specially crafted requests. Successful exploitation would allow an attacker to inject and...

10CVSS7.5AI score0.69151EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2012/01/17 12:0 a.m.•81 views

Adobe Reader and Acrobat Embedded BMP Memory Corruption (APSB12-01; CVE-2012-4373)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2011/11/01 12:0 a.m.•81 views

HP Data Protector Client EXEC_CMD Command Execution (CVE-2011-0923)

A remote code execution vulnerability has been reported in HP Data Protector. The vulnerability is due to insufficient input validation of arguments passed to the EXECCMD command. A remote attacker may exploit this vulnerability by sending a specially crafted request to an affected Data Protector...

10CVSS7.7AI score0.81081EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2010/07/26 12:0 a.m.•81 views

Microsoft Office Visio DXF File Inserting Buffer Overflow - Improved Performance (CVE-2010-1681)

A buffer overflow vulnerability exists in Microsoft Office Visio. The vulnerability is due to a boundary error when parsing DXF files inserted into Visio documents. This vulnerability may be exploited by remote attackers by enticing a user to open a maliciously crafted Visio file with a vulnerabl...

7.6CVSS6.6AI score0.67309EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2006/12/04 12:0 a.m.•81 views

Security Best Practice: SmartDefense Content Protection Defenses

The Content Protection defenses allow users of VPN-1 NGX R62, R61 and R60 to block malicious content over multiple protocols. The protection includes well known file types such as popular image files and Microsoft Office files that are prone to denial of service and remote code execution...

9.3CVSS7.1AI score0.53596EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2021/04/18 12:0 a.m.•80 views

UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)

UNION Query-based SQL Injection Over HTTP Traffic...

7.5CVSS0.8AI score0.82976EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2018/11/13 12:0 a.m.•80 views

Advantech WebAccess Remote Code Execution (CVE-2018-15705; CVE-2018-15707)

An arbitrary file write and remote code execution vulnerabilities exist in Advantech WebAccess software. The vulnerabilities are due to the lack of input validation when processing the 'folderpath' parameter in an HTTP POST request. Successful exploitation could lead to remote code execution on t...

8.5CVSS2.4AI score0.12236EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/11/06 12:0 a.m.•80 views

Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)

An information disclosure vulnerability exists in Hikvision IP cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

4.5AI score0.99998EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2013/11/12 12:0 a.m.•80 views

Microsoft Graphics Device Interface Integer Overflow (MS13-089; CVE-2013-3901)

A remote code execution vulnerability has been reported in the Windows Graphics Device Interface GDI...

7.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/03/12 12:0 a.m.•80 views

Microsoft Windows Assembly Execution (MS12-005) - High Confidence (CVE-2012-0013)

A remote code execution vulnerability has been reported in Microsoft Windows Packager. The vulnerability is caused due to ClickOnce application file types not being included in the Windows Packager unsafe file type list. A remote attacker may exploit this issue by enticing a target user to open a...

9.3CVSS7.2AI score0.73753EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2012/10/14 12:0 a.m.•80 views

GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution (CVE-2012-2516)

A remote code execution vulnerability has been reported in GE Proficy Historian...

7.4AI score0.39711EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2022/10/30 12:0 a.m.•79 views

Wordpress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in the Wordpress plugin "WordPress Email Template Designer - WP HTML Mail". The vulnerability is due to lack of authentication on REST-API endpoints created by the plugin...

4.3CVSS1.6AI score0.70511EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/10/19 12:0 a.m.•79 views

p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)

p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...

7.5CVSS8.4AI score0.84112EPSS
Exploits38
Check Point Advisories
Check Point Advisories
•added 2020/07/19 12:0 a.m.•79 views

Microsoft Windows Media Player MIDI Remote Code Execution (MS12-004; CVE-2012-0003)

A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...

9.3CVSS7.2AI score0.69499EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2020/05/31 12:0 a.m.•79 views

FUEL CMS Remote Code Execution (CVE-2018-16763)

A command injection vulnerability exists in FUEL CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.82937EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2018/10/02 12:0 a.m.•79 views

ABB Panel Builder 800 Stack-based Buffer Overflow (CVE-2018-10616)

A stack-based buffer overflow exists in ABB Panel Builder. The vulnerability is due to an input validation error while processing a parameter for ABB Comli OPC driver setting...

9.3CVSS4.3AI score0.01209EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/13 12:0 a.m.•79 views

Microsoft Browser Information Disclosure (CVE-2017-8529)

An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file...

4.3CVSS1.7AI score0.14265EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•79 views

RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)

An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...

10CVSS4.1AI score0.63748EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2012/07/16 12:0 a.m.•79 views

Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...

10CVSS6.6AI score0.72596EPSS
Exploits22
Check Point Advisories
Check Point Advisories
•added 2022/10/02 12:0 a.m.•78 views

Cybelsoft ThinVNC Directory Traversal (CVE-2019-17662)

A Directory Traversal vulnerability exists in Cybelsoft ThinVNC. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

5CVSS5.5AI score0.96758EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2021/04/05 12:0 a.m.•78 views

FortiLogger Arbitrary File Upload (CVE-2021-3378)

An arbitrary file upload vulnerability exists in FortiLogger. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5AI score0.97512EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2019/11/05 12:0 a.m.•78 views

rConfig Remote Code Execution (CVE-2019-16662; CVE-2019-16663)

A remote code execution vulnerability exists in rConfig. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.6AI score0.97702EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2019/06/24 12:0 a.m.•78 views

WordPress Plugin WPGraphQL Information Disclosure (CVE-2019-9879; CVE-2019-9880; CVE-2019-9881)

An information disclosure vulnerability exists in WordPress Plugin WPGraphQL. A remote attacker could trigger this flaw by sending a crafted request. Successful exploitation may result in the disclosure of sensitive information...

7.5CVSS1.8AI score0.46614EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2018/07/03 12:0 a.m.•78 views

Command Injection Over HTTP Payload (CVE-2013-6719; CVE-2013-6720; CVE-2020-26728; CVE-2022-30105)

A command Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

10CVSS3.8AI score0.28583EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2017/06/13 12:0 a.m.•78 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)

A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to a CAttribute object being confused for a CAttrArray object by the PrivateFindInl method. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.3AI score0.51465EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•78 views

Git Client Path Validation Command Execution (CVE-2014-9390)

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a...

7.5CVSS2.7AI score0.63178EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/11/27 12:0 a.m.•78 views

Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)

A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services IIS FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by...

10CVSS7.5AI score0.94534EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•78 views

MediaWiki Input Validation Remote Code Execution (CVE-2014-1610)

A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...

2.3AI score0.42777EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2009/09/08 12:0 a.m.•78 views

Microsoft IIS FTP Server Recursive Listing Denial of Service (CVE-2009-2521; CVE-2009-3023)

IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes an FTP server service for exchanging and manipulating files over a TCP computer network. A stack consumption vulnerability has been discovered in Microsoft Internet Information...

9CVSS6.2AI score0.90913EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2007/03/29 12:0 a.m.•78 views

Preemptive Protection against Sourcefire Intrusion Sensor and Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in Sourcefire Intrusion Sensor and in Snort DCE/RPC preprocessor. Sourcefire Snort is an open-source network intrusion detection system. Snort DCE/RPC preprocessor is a plug-in that reassembles fragmented SMB and DCE/RPC packets. A remote attack...

10CVSS7.6AI score0.79319EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•77 views

Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)

A remote code execution vulnerability exists in Micro Focus UCMDB. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.4AI score0.7699EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2020/09/21 12:0 a.m.•77 views

Cacti color.php SQL Injection (CVE-2020-14295)

A SQL injection vulnerability exists in Cacti. The vulnerability is due to improper sanitization of the filter request parameter in color.php...

6.5CVSS3.3AI score0.8633EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2020/07/03 12:0 a.m.•77 views

uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)

A directory traversal vulnerability exists in Debian debian linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

5CVSS5.2AI score0.69907EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/02/25 12:0 a.m.•77 views

Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)

A type confusion vulnerability exists in Red Lion Crimson. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current user...

6.8CVSS3.2AI score0.01002EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•77 views

Microsoft GDI EMF Image Processing Integer Overflow - Ver2 (CVE-2011-0041)

A integer overflow vulnerability has been reported in Microsoft GDI+. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.28157EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•77 views

Microsoft Windows Assembly Execution File Inclusion - Ver2 (CVE-2012-0013)

A file inclusion vulnerability has been reported in Microsoft Office. The vulnerability is due to ClickOnce application file types not being included in the Windows Packager unsafe file type list. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...

7AI score0.73753EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)

A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...

7.5AI score0.62876EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Wireshark DECT Dissector Stack Buffer Overflow - Ver2 (CVE-2011-1591)

A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...

9.3CVSS7.5AI score0.41744EPSS
Exploits18
Total number of security vulnerabilities5000