Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)

A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...

7.5AI score0.62876EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Wireshark DECT Dissector Stack Buffer Overflow - Ver2 (CVE-2011-1591)

A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...

9.3CVSS7.5AI score0.41744EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2013/03/18 12:0 a.m.•77 views

Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service - Improved Confidence (CVE-2012-3526)

A denial of service vulnerability has been reported in Apache's HTTP Server. The vulnerability is caused due to an error while processing certain http headers. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to a target. Successful exploitation will lea...

5CVSS6.2AI score0.06952EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/08/16 12:0 a.m.•77 views

HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow (CVE-2010-1961; CVE-2010-1964)

The HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, and OpenView Network Node Manager. A buffer overflow vulnerabili...

10CVSS7.3AI score0.6911EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2010/05/02 12:0 a.m.•77 views

Sun Java System Web Server WEBDAV Stack Buffer Overflow (CVE-2010-0361)

Sun Microsystems' Java System Web Server is a high performance web server for medium to large business applications. It is available for all major platforms and supports Java, PHP, CGI and ColdFusion technologies. A stack buffer overflow vulnerability exists in Sun Java System Web Server. The...

10CVSS7.2AI score0.80521EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2022/11/20 12:0 a.m.•76 views

iSharer and upRedSun File Sharing Wizard Buffer Overflow (CVE-2019-16724)

A buffer overflow vulnerability exists in iSharer and upRedSun File Sharing Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS4.9AI score0.72158EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2021/05/11 12:0 a.m.•76 views

Microsoft SharePoint Remote Code Execution (CVE-2021-31181)

A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.7AI score0.30045EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/05/05 12:0 a.m.•76 views

Apache Solr Server-Side Request Forgery (CVE-2021-27905)

A sever-side request forgery vulnerability exists in Apache Solr. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and external serv...

7.5CVSS1.3AI score0.93053EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•76 views

Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)

A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...

9.3CVSS3.5AI score0.81628EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•76 views

ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)

A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrar...

7.5CVSS2.6AI score0.2508EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•76 views

Internet Explorer FTP Response Parsing Memory Corruption (MS07-016; CVE-2007-0217)

Microsoft Internet Explorer IE is a web browser application that is included as part of Microsoft Windows operating systems. Microsoft Windows Internet WinINet application programming interface API in Internet Explorer is a component to serve as application interface for Internet protocols, such ...

10CVSS7.3AI score0.60813EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/09/12 12:0 a.m.•75 views

WordPress BackupBuddy Plugin Arbitrary File Read (CVE-2022-31474)

An arbitrary file read vulnerability exists in WordPress BackupBuddy Plugin. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access and read arbitrary file...

4.7AI score0.63761EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2021/02/10 12:0 a.m.•75 views

StumbleUpon OpenTSDB Remote Code Execution (CVE-2020-35476)

A remote code execution vulnerability exists in StumbleUpon OpenTSDB. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.8533EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/11/18 12:0 a.m.•75 views

Arbitrary Code Execution Over HTTP Traffic (CVE-2011-2523; CVE-2019-18345; CVE-2019-19143; CVE-2020-15492; CVE-2020-16210; CVE-2020-21526; CVE-2020-24379; CVE-2020-6142; CVE-2020-8010; CVE-2020-9380)

Arbitrary Code Execution Over HTTP Traffic...

10CVSS1AI score0.96184EPSS
Exploits61
Check Point Advisories
Check Point Advisories
•added 2020/10/25 12:0 a.m.•75 views

Eaton HMiSoft Stack Buffer Overflow (CVE-2020-10639)

A stack buffer overflow vulnerability exists in Eaton HMiSoft. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...

6.8CVSS7.9AI score0.00805EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/11/26 12:0 a.m.•75 views

Evernote Directory Traversal (CVE-2019-10038)

A directory traversal vulnerability exists in Evernote. This vulnerability is due to improper validation of embedded links in notes. Successful exploitation could result in arbitrary program execution...

4.4CVSS5.2AI score0.01307EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•75 views

Microsoft Office RTF Stack Buffer Overflow (MS10-087) - Ver2 (CVE-2010-3333)

RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. . The vulnerability is due to an error in Microsoft Office that fails to...

9.3CVSS5.1AI score0.89497EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2014/11/18 12:0 a.m.•75 views

Moodle Spellcheck Remote Command Execution (CVE-2013-3630)

A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...

4.6CVSS3.9AI score0.42566EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•75 views

Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)

A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...

9.3CVSS3.5AI score0.81628EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•75 views

Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)

A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...

10CVSS4AI score0.23425EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2010/07/07 12:0 a.m.•75 views

Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012; CVE-2006-0028)

Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available in several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...

5.1CVSS7.3AI score0.16247EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/04/19 12:0 a.m.•74 views

Microsoft RPC Remote Code Execution (CVE-2022-26809)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.6AI score0.91316EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2021/03/28 12:0 a.m.•74 views

ONLYOFFICE DocumentServer Remote Code Execution (CVE-2021-25831; CVE-2021-25830; CVE-2021-25833)

A remote code execution vulnerability exists in ONLYOFFICE DocumentServer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.7AI score0.43534EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/01/08 12:0 a.m.•74 views

Microsoft Internet Explorer Remote Code Execution (CVE-2019-0541)

A remote code execution vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.6AI score0.53202EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2018/11/18 12:0 a.m.•74 views

Microsoft SQL Server Management Studio XXE Injection Information Disclosure (CVE-2018-8527; CVE-2018-8532; CVE-2018-8533)

Multiple information disclosure vulnerabilities exist in Microsoft SQL Server Management Studio. The vulnerabilities are due to a flaw when parsing a malicious XEL/XML/XMLA file containing a reference to an external entity. A remote authenticated attacker could exploit these vulnerabilities by...

4.3CVSS1.4AI score0.23373EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2018/03/28 12:0 a.m.•74 views

Microsoft Windows CredSSP MITM Remote Code Execution (CVE-2018-0886)

A remote code execution vulnerability exists in CredSSP. The vulnerability due to how CredSSP validates request during the authentication process. A remote attacker can exploit this vulnerability by sending a specially crafted RDP request to the target...

7.6CVSS4.9AI score0.82334EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•74 views

Cross-Site Scripting (CVE-2005-0543; CVE-2014-4075; CVE-2014-4116; CVE-2014-6325; CVE-2014-6365; CVE-2015-1636; CVE-2015-1640; CVE-2015-1757)

...

4.3CVSS6.4AI score0.24698EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/04/13 12:0 a.m.•74 views

Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.96889EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2011/02/24 12:0 a.m.•74 views

Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)

Microsoft Excel is a popular spreadsheet application. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A buffer overflow vulnerability has been reported in Microsoft Excel...

9.3CVSS7.2AI score0.56461EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•73 views

Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)

A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...

7.5CVSS1.4AI score0.02109EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•73 views

Microsoft Windows Media Player MIDI Code Execution (MS12-004) - Ver2 (CVE-2012-0003)

A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...

9.3CVSS7.2AI score0.69499EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•73 views

HP Operations Agent Opcode Stack Buffer Overflow - Ver2 (CVE-2012-2019)

A stack-based buffer overflow vulnerability has been reported in HP Operations Agent. The vulnerability is due to a bound checking error when processing requests containing certain opcodes. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server...

10CVSS3.4AI score0.64685EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/03/25 12:0 a.m.•73 views

Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...

9CVSS8.4AI score0.50324EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•73 views

Belkin Linksys WRT110 Remote Command Execution - Ver2 (CVE-2013-3568)

A remote command execution vulnerability has been reported in Belkin Linksys WRT110 firmware. The vulnerability is due to the Web interface's failure to sanitize ping targets as well as a lack of CSRF tokens. A remote attacker could exploit this vulnerability by sending a malicious HTTP request t...

6.8CVSS2.5AI score0.25129EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•73 views

Microsoft Windows Font Library File Buffer Overflow - Ver2 (CVE-2011-2003)

A buffer overflow vulnerability has been reported in Microsoft Windows. The vulnerability is due to an input validation error when the kernel parses a .FON font file. A remote attacker could exploit this issue by enticing a target user to open a specially crafted .FON file...

5.1AI score0.27772EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/09/19 12:0 a.m.•73 views

Chasys Draw IES BMP Buffer Overflow (CVE-2013-3928)

A buffer overflow vulnerability has been reported in Chasys Draw IES. The vulnerability is due to an image parsing input validation error in Chasys Draw IES when parsing a file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file. Successful exploitation will...

9.3CVSS7.2AI score0.37328EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/03/25 12:0 a.m.•73 views

Update Protection against Mozilla Firefox JIT escape Function Memory Corruption

A memory corruption vulnerability exists in Mozilla Firefox, a web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles JIT Just-in-Time escape Function calls. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious we...

9.3CVSS9AI score0.42689EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•73 views

Microsoft IIS ISAPI Extension Indexing Service Buffer Overflow (MS01-033; CVE-2001-0500)

The Internet Information Server IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server component that is capable of serving static, as well as dynamic content. There exists a vulnerability in ISAPI extension idq.dll in...

10CVSS7.7AI score0.96731EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/12/06 12:0 a.m.•73 views

HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...

10CVSS7.7AI score0.69613EPSS
Exploits28
Check Point Advisories
Check Point Advisories
•added 2009/10/13 12:0 a.m.•73 views

Internet Explorer Data Stream Header Corruption (MS09-054; CVE-2009-1547)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way Internet Explorer processes data stream headers. The vulnerability occurs when Internet Explorer processes a specially crafted data stream header, it may corrupt system...

9.3CVSS7.5AI score0.37436EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/10/11 12:0 a.m.•73 views

UltraVNC VNCViewer Authenticate Buffer Overflow (CVE-2009-0388)

Virtual Network Computing VNC is a graphical desktop sharing technology that uses the Remote Frame Buffer RFB protocol to remotely control another computer. The controller computer client or viewer sends keyboard and mouse events to the controlled computer server; the controlled computer sends...

10CVSS7.5AI score0.13334EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2007/08/21 12:0 a.m.•73 views

Update Protection against Trend Micro ServerProtect CreateBinding DCE-RPC Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...

10CVSS7.6AI score0.77194EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2006/02/22 12:0 a.m.•73 views

WMF and EMF Files (CVE-2005-2123; CVE-2005-2124; CVE-2005-4560; CVE-2006-0020)

...

9.3CVSS6.4AI score0.86476EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2021/05/27 12:0 a.m.•72 views

Subrion CMS Remote Code Execution (CVE-2018-19422)

A remote code execution vulnerability exists in Subrion CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.5AI score0.64261EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2020/06/16 12:0 a.m.•72 views

Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)

A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...

5CVSS3.6AI score0.04404EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2020/01/02 12:0 a.m.•72 views

MongoDB mongo-express Remote Code Execution (CVE-2019-10758)

A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.6AI score0.84845EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/12/15 12:0 a.m.•72 views

Apache Solr Remote Code Execution (CVE-2019-0193)

A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...

9CVSS3.6AI score0.83547EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/09/05 12:0 a.m.•72 views

WordPress Plainview Activity Monitor Plugin Command Injection (CVE-2018-15877)

A command injection vulnerability exists in WordPress Plainview Activity Monitor plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands in the affected system...

9CVSS7.3AI score0.7699EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•72 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...

6.4CVSS1.7AI score0.92719EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/10/06 12:0 a.m.•72 views

Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)

An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...

7.5CVSS6.5AI score0.64487EPSS
Exploits9
Total number of security vulnerabilities5000