Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

checkpoint_advisories
checkpoint_advisories
•added 2014/12/28 12:0 a.m.•39 views

VLC Media Player ABC File Parsing Buffer Overflow - Ver2 (CVE-2013-4233)

A buffer overflow vulnerability has been reported in VLC Media Player's ABC file parsing. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

6.8CVSS7.4AI score0.04083EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2014/12/28 12:0 a.m.•39 views

Rocket Servergraph Admin Center fileRequestor Directory Traversal - Ver2 (CVE-2014-3914)

A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...

10CVSS2.6AI score0.72606EPSS
Exploits5
checkpoint_advisories
checkpoint_advisories
•added 2014/12/28 12:0 a.m.•39 views

Microsoft Host Integration Server Remote Command Execution (MS08-059) - Ver2 (CVE-2008-3466)

Microsoft Host Integration Server HIS is a gateway application that provides host access and integration, extending Microsoft Windows to other systems by integrating mission-critical host applications, data sources, messaging, and security systems. . A remote code execution vulnerability has been...

10CVSS7.6AI score0.77741EPSS
Exploits9
checkpoint_advisories
checkpoint_advisories
•added 2014/12/16 12:0 a.m.•39 views

FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)

A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...

10CVSS3.5AI score0.4299EPSS
Exploits4
checkpoint_advisories
checkpoint_advisories
•added 2014/06/08 12:0 a.m.•39 views

GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)

A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...

4.7AI score0.03416EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2014/04/16 12:0 a.m.•39 views

ProShow Gold file based Buffer Overflow - Ver2 (CVE-2009-3214)

A buffer overflow vulnerability has been reported in Photodex Proshow Gold. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

7.6AI score0.30787EPSS
Exploits4
checkpoint_advisories
checkpoint_advisories
•added 2014/04/16 12:0 a.m.•39 views

Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (MS07-061) - Ver2 (CVE-2007-3896)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Windows Internet Explorer 7. The vulnerability occurs when Windows does not correctly handle specially crafted URLs or URIs that are passed to it. There are a...

9.3CVSS7.2AI score0.53831EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
•added 2014/04/16 12:0 a.m.•39 views

Microsoft Excel Column Record Handling Memory Corruption (MS07-002) - Ver2 (CVE-2007-0030)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

9.3CVSS7.4AI score0.32093EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2014/04/02 12:0 a.m.•39 views

EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)

An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...

5CVSS6AI score0.02072EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2014/03/31 12:0 a.m.•39 views

Zavio IP Camera Firmware 1.6.03 Authentication Bypass - Ver2 (CVE-2013-2567)

An authentication bypass vulnerability has been reported in the Zavio IP Camera firmware. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

8.7AI score0.14572EPSS
Exploits6
checkpoint_advisories
checkpoint_advisories
•added 2014/03/31 12:0 a.m.•39 views

Microsoft Word Section Table Array Buffer Overflow - Ver2 (CVE-2007-0515)

A buffer overflow vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a flaw in the Section Table entry inside the Table Stream structure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.4AI score0.3816EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2014/03/31 12:0 a.m.•39 views

Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)

An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

7.2AI score0.26523EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2014/03/31 12:0 a.m.•39 views

KingView ActiveX Control Directory Traversal - Ver2 (CVE-2013-6128)

A directory traversal vulnerability has been reported in Wellintech Kingview. Successful exploitation of this vulnerability would allow a remote attacker to list directories, create arbitrary files and subsequently execute arbitrary code on the affected system...

5.8CVSS7.2AI score0.02753EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2014/03/04 12:0 a.m.•39 views

WordPress Plugin AdRotate SQL Injection (CVE-2014-1854)

An SQL injection vulnerability has been reported in the AdRotate plugin for WordPress. Remote attacker can exploit this vulnerability to execute arbitrary SQL commands on the target...

7.5CVSS8.2AI score0.05412EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
•added 2014/03/03 12:0 a.m.•39 views

B-net Software Content Management System shout.php name Parameter XSS - Ver2 (CVE-2006-0078)

A cross-site scripting vulnerability has been reported in Haddad Said B-net Software 1.0. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

5.9AI score0.01762EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2014/02/03 12:0 a.m.•39 views

Novell Client EnumPrinters Buffer Overflow - Ver2 (CVE-2008-0639)

A buffer overflow vulnerability has been reported in Novell Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5AI score0.23186EPSS
Exploits6
checkpoint_advisories
checkpoint_advisories
•added 2013/09/29 12:0 a.m.•39 views

XnView PCT File Processing Buffer Overflow (CVE-2013-2577)

A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution ...

9.3CVSS9.5AI score0.11839EPSS
Exploits4
checkpoint_advisories
checkpoint_advisories
•added 2013/09/22 12:0 a.m.•39 views

Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)

The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...

5CVSS6.2AI score0.31083EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2013/09/22 12:0 a.m.•39 views

Tiki Wiki PHP unserialize() Remote Code Execution (CVE-2012-0911)

A remote code execution vulnerability has been reported in Tiki Wiki...

7.4AI score0.62989EPSS
Exploits12
checkpoint_advisories
checkpoint_advisories
•added 2013/08/16 12:0 a.m.•39 views

Non Compliant SSL (CVE-2003-0719; CVE-2004-0826)

A vulnerability exists in SSL library. Remote attacker could construct a specially crafted SSL negotiation packet that could cause the library to crash...

7.5CVSS6.1AI score0.83412EPSS
Exploits9
checkpoint_advisories
checkpoint_advisories
•added 2013/05/29 12:0 a.m.•39 views

Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)

A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...

8.5CVSS6.3AI score0.40338EPSS
Exploits8
checkpoint_advisories
checkpoint_advisories
•added 2013/05/05 12:0 a.m.•39 views

Microsoft Internet Explorer 8 Use After Free Code Execution - Zero Day (CVE-2013-1347)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer 8. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.3AI score0.77889EPSS
Exploits11
checkpoint_advisories
checkpoint_advisories
•added 2013/03/21 12:0 a.m.•39 views

SCADA DaqFactory HMI NETB Request Overflow (CVE-2011-3492)

Stack-based buffer overflow has been reported in Azeotech DAQFactory. The vulnerability is due to insufficient validation of incoming NETB requests to UDP port 20034. A remote attacker could exploit this vulnerability by sending a malicious request to the affected service. Successful exploitation...

10CVSS7.3AI score0.70909EPSS
Exploits3
checkpoint_advisories
checkpoint_advisories
•added 2012/11/25 12:0 a.m.•39 views

Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)

An arbitrary code execution vulnerability has been reported in the management GUI in Symantec Web Gateway...

7.3AI score0.64061EPSS
Exploits5
checkpoint_advisories
checkpoint_advisories
•added 2012/09/19 12:0 a.m.•39 views

Internet Explorer execCommand Use-After-Free (CVE-2012-4969)

A use-after-free vulnerability has been reported in Microsoft Internet Explorer...

6.3AI score0.81716EPSS
Exploits8
checkpoint_advisories
checkpoint_advisories
•added 2012/03/19 12:0 a.m.•39 views

Novell ZENworks LaunchHelp.dll ActiveX Control Code Execution (CVE-2011-2657)

A remote code execution vulnerability has been reported in Novell ZENworks ActiveX control...

7.4AI score0.48366EPSS
Exploits10
checkpoint_advisories
checkpoint_advisories
•added 2012/02/20 12:0 a.m.•39 views

ProFTPD FTP Server TELNET_IAC Stack Buffer Overflow (CVE-2010-4221)

A remote code injection and execution vulnerability has been reported in ProFTPD FTP Server. The vulnerability is due to an error in the way boundary checks are implemented when processing Telnet escape sequences. A remote attacker may exploit this issue by sending a specially crafted FTP command...

10CVSS9.7AI score0.91303EPSS
Exploits10
checkpoint_advisories
checkpoint_advisories
•added 2011/10/11 12:0 a.m.•39 views

Internet Explorer Option Element Memory Corruption (MS11-081; CVE-2011-1996)

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access objects that have not been initialized or have been deleted. A remote attacker could trigger this vulnerability by enticing an...

9.3CVSS7.2AI score0.60456EPSS
Exploits5
checkpoint_advisories
checkpoint_advisories
•added 2010/10/28 12:0 a.m.•39 views

Adobe Shockwave Player CSWV Record Length Memory Corruption (APSB10-25; CVE-2010-4087)

Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A memory corruption vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due t...

9.3CVSS6.4AI score0.04295EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2010/10/12 12:0 a.m.•39 views

Workaround for Microsoft Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-076)

A remote code execution vulnerability has been reported in the way Microsoft Windows Embedded OpenType EOT font technology parses certain tables in specially crafted embedded fonts. Embedded OpenType EOT fonts are a compact form of fonts designed for use on web pages. A remote attacker can exploi...

9.3CVSS7.3AI score0.23344EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2010/06/23 12:0 a.m.•39 views

Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)

There exists a buffer overflow vulnerability in Sun Java Runtime Environment JRE. The vulnerability is caused due to improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...

9.3CVSS8.4AI score0.10784EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2010/05/11 12:0 a.m.•39 views

Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031; CVE-2010-0815)

Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...

9.3CVSS7.6AI score0.22364EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2010/05/02 12:0 a.m.•39 views

Novell Netware FTP Server Remote Stack Buffer Overflow (CVE-2010-0625)

Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. Netware FTP Server software supplies service for transferring files to and from Netware volumes. File transfers can be performed using any FTP client. A buffer...

6.5CVSS7.1AI score0.05089EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2010/02/18 12:0 a.m.•39 views

Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)

The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...

10CVSS7.3AI score0.72326EPSS
Exploits5
checkpoint_advisories
checkpoint_advisories
•added 2010/02/02 12:0 a.m.•39 views

Oracle Database Server Workspace Manager Multiple SQL Injection (CVE-2008-3982)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

5.5CVSS7.7AI score0.1143EPSS
Exploits3
checkpoint_advisories
checkpoint_advisories
•added 2010/02/02 12:0 a.m.•39 views

Microsoft Windows GDIplus PNG Chunk Processing Integer Overflow (MS09-062; CVE-2009-2501; CVE-2013-1331)

An integer overflow vulnerability exists in Microsoft Windows GDI+. The vulnerability is due to lack of input validation when Microsoft Windows GDI+ handles PNG files. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted PNG file. Successful...

9.3CVSS9.5AI score0.81877EPSS
Exploits5
checkpoint_advisories
checkpoint_advisories
•added 2010/02/01 12:0 a.m.•39 views

Update Protection against Sun Java System Application Server HTTP TRACE Vulnerability

Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method which can be leveraged by attackers to gain access to sensitive user information. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. A local or remote...

4.3CVSS6.1AI score0.01692EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2010/01/31 12:0 a.m.•39 views

IBM Tivoli Storage Manager Client CAD Service Buffer Overflow (CVE-2009-3853)

IBM Tivoli Storage Manager TSM Express is a backup solution which is designed to protect data from failures and other errors by storing backups and archiving data. The product is available for multiple platforms and various hardware architectures. A buffer overflow vulnerability exists in IBM...

9.3CVSS8AI score0.36717EPSS
Exploits8
checkpoint_advisories
checkpoint_advisories
•added 2009/12/12 12:0 a.m.•39 views

Update Protection against IBM Tivoli Storage Manager Client CAD Service Buffer Overflow

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Client software, a backup designed to protect data from failures and other errors by storing backups and archiving data. The vulnerability is due to a boundary error in the Client Acceptor Daemon CAD service while processing a...

9.3CVSS7.8AI score0.36717EPSS
Exploits8
checkpoint_advisories
checkpoint_advisories
•added 2009/11/09 12:0 a.m.•39 views

Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow (CVE-2007-2795)

Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is a server-side implementation of the IMAP protocol. There exists a heap overflow vulnerability in Ipswitch IMail Server IMAP component. The...

9CVSS7.9AI score0.24455EPSS
Exploits6
checkpoint_advisories
checkpoint_advisories
•added 2009/11/03 12:0 a.m.•39 views

Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)

Portable Document Format PDF is a file format for documents based on the PostScript description language. One of the products that is widely used to read PDF files is Adobe Acrobat Reader. This product is available on different platforms, including many versions of UNIX and Linux. There is a...

10CVSS7AI score0.08218EPSS
Exploits0
checkpoint_advisories
checkpoint_advisories
•added 2009/10/26 12:0 a.m.•39 views

Ipswitch IMail Web Calendaring Arbitrary File Read (CVE-2005-1252)

The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using HTTP protocol...

5CVSS6.2AI score0.12499EPSS
Exploits2
checkpoint_advisories
checkpoint_advisories
•added 2009/09/08 12:0 a.m.•39 views

Microsoft Windows MP3 File Media Playback Memory Corruption (MS09-047; CVE-2009-2499)

MPEG-1 Audio Layer 3 MP3 is a file format which uses lossy compression to compress audio information. A remote code execution vulnerability has been reported in the way Microsoft Windows handles specially crafted MP3 media files. The vulnerability is due the Windows component responsible for...

8.5CVSS7.4AI score0.15546EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2009/07/28 12:0 a.m.•39 views

Internet Explorer Memory Corruption (MS09-034; CVE-2009-1917)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way that Internet Explorer handles a memory object. When Internet Explorer attempts to access an object that has been deleted, memory may be corrupted in such a way that an...

9.3CVSS7.5AI score0.27472EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2009/07/07 12:0 a.m.•39 views

Microsoft DirectShow Video ActiveX Control Stack Buffer Overflow (CVE-2008-0015)

The Microsoft Video Control object is a Microsoft ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. A stack buffer overflow vulnerability has been discovered in Microsoft DirectShow. The flaw is in the way Microsoft Video ActiveX contro...

9.3CVSS7.5AI score0.76647EPSS
Exploits10
checkpoint_advisories
checkpoint_advisories
•added 2009/05/08 12:0 a.m.•39 views

Update Protection against Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow

A buffer overflow vulnerability was reported in BEA WebLogic Server, an Application Server platform for large enterprise web applications. The vulnerability is due to a boundary error while parsing SSL certificates. A remote unauthenticated attacker can exploit this vulnerability by sending a...

8.5CVSS6.8AI score0.0203EPSS
Exploits1
checkpoint_advisories
checkpoint_advisories
•added 2007/10/01 12:0 a.m.•39 views

Preemptive Protection against EMC VMware Workstation DHCP Service Integer Underflow Vulnerability

An integer underflow vulnerability has been reported in the VMware DHCP service. VMware Workstation is a virtualization technology that allows running multiple instances of virtual computers simultaneously with the hosting operating system. The Dynamic Host Configuration Protocol DHCP provides...

10CVSS7.2AI score0.20413EPSS
Exploits2
checkpoint_advisories
checkpoint_advisories
•added 2007/08/16 12:0 a.m.•39 views

Security Best Practice: Protect Yourself against DNS Cache Poisoning

DNS cache poisoning occurs when false DNS records are injected into a DNS server's cache tables. Once the cache tables have been altered, a remote attacker may inspect, capture or corrupt any information exchanged between hosts on the network. By poisoning a DNS server, a remote attacker could, f...

8.8CVSS6.9AI score0.95182EPSS
Exploits25
checkpoint_advisories
checkpoint_advisories
•added 2006/11/14 12:0 a.m.•39 views

Preemptive Protection against Microsoft XML Remote Code Execution Vulnerability (MS06-071)

XMLHTTP, an ActiveX control that is included in Microsoft XML Core Services MSXML, is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications...

7.6CVSS4.7AI score0.75946EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
•added 2022/11/28 12:0 a.m.•38 views

GitLab Community and Enterprise Edition Cross-Site Scripting (CVE-2021-22242)

A stored cross-site scripting vulnerability exists in the Community edition and Enterprise edition of GitLab. The vulnerability is due to improper input validation...

3.5CVSS2.2AI score0.63555EPSS
Exploits0
Total number of security vulnerabilities5000