Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2021/10/19 12:0 a.m.•79 views

p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)

p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...

7.5CVSS8.4AI score0.84112EPSS
Exploits38
Check Point Advisories
Check Point Advisories
•added 2021/04/05 12:0 a.m.•79 views

FortiLogger Arbitrary File Upload (CVE-2021-3378)

An arbitrary file upload vulnerability exists in FortiLogger. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5AI score0.97512EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2020/07/19 12:0 a.m.•79 views

Microsoft Windows Media Player MIDI Remote Code Execution (MS12-004; CVE-2012-0003)

A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...

9.3CVSS7.2AI score0.69499EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2020/05/31 12:0 a.m.•79 views

FUEL CMS Remote Code Execution (CVE-2018-16763)

A command injection vulnerability exists in FUEL CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.82937EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2018/10/02 12:0 a.m.•79 views

ABB Panel Builder 800 Stack-based Buffer Overflow (CVE-2018-10616)

A stack-based buffer overflow exists in ABB Panel Builder. The vulnerability is due to an input validation error while processing a parameter for ABB Comli OPC driver setting...

9.3CVSS4.3AI score0.01209EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/13 12:0 a.m.•79 views

Microsoft Browser Information Disclosure (CVE-2017-8529)

An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file...

4.3CVSS1.7AI score0.14265EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•79 views

RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)

An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...

10CVSS4.1AI score0.63748EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2012/07/16 12:0 a.m.•79 views

Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...

10CVSS6.6AI score0.72596EPSS
Exploits22
Check Point Advisories
Check Point Advisories
•added 2022/10/02 12:0 a.m.•78 views

Cybelsoft ThinVNC Directory Traversal (CVE-2019-17662)

A Directory Traversal vulnerability exists in Cybelsoft ThinVNC. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

5CVSS5.5AI score0.96758EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2021/03/16 12:0 a.m.•78 views

Doctor Appointment System SQL Injection (CVE-2021-27314; CVE-2021-27315; CVE-2021-27316)

An SQL injection vulnerability exists in Doctor Appointment System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.2AI score0.12394EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2019/06/24 12:0 a.m.•78 views

WordPress Plugin WPGraphQL Information Disclosure (CVE-2019-9879; CVE-2019-9880; CVE-2019-9881)

An information disclosure vulnerability exists in WordPress Plugin WPGraphQL. A remote attacker could trigger this flaw by sending a crafted request. Successful exploitation may result in the disclosure of sensitive information...

7.5CVSS1.8AI score0.46614EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2018/07/03 12:0 a.m.•78 views

Command Injection Over HTTP Payload (CVE-2013-6719; CVE-2013-6720; CVE-2020-26728; CVE-2022-30105)

A command Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

10CVSS3.8AI score0.28583EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2017/06/13 12:0 a.m.•78 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8496)

A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to a CAttribute object being confused for a CAttrArray object by the PrivateFindInl method. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.3AI score0.51465EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•78 views

Git Client Path Validation Command Execution (CVE-2014-9390)

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a...

7.5CVSS2.7AI score0.63178EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/11/27 12:0 a.m.•78 views

Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)

A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services IIS FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by...

10CVSS7.5AI score0.94534EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•78 views

MediaWiki Input Validation Remote Code Execution (CVE-2014-1610)

A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...

2.3AI score0.42777EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2009/09/08 12:0 a.m.•78 views

Microsoft IIS FTP Server Recursive Listing Denial of Service (CVE-2009-2521; CVE-2009-3023)

IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes an FTP server service for exchanging and manipulating files over a TCP computer network. A stack consumption vulnerability has been discovered in Microsoft Internet Information...

9CVSS6.2AI score0.90913EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2007/03/29 12:0 a.m.•78 views

Preemptive Protection against Sourcefire Intrusion Sensor and Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in Sourcefire Intrusion Sensor and in Snort DCE/RPC preprocessor. Sourcefire Snort is an open-source network intrusion detection system. Snort DCE/RPC preprocessor is a plug-in that reassembles fragmented SMB and DCE/RPC packets. A remote attack...

10CVSS7.6AI score0.79319EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2022/06/13 12:0 a.m.•77 views

SolarView Compact Command Injection (CVE-2022-29303)

A command injection vulnerability exists in SolarView Compact. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS6.1AI score0.97961EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•77 views

Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)

A remote code execution vulnerability exists in Micro Focus UCMDB. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.4AI score0.7699EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2020/09/21 12:0 a.m.•77 views

Cacti color.php SQL Injection (CVE-2020-14295)

A SQL injection vulnerability exists in Cacti. The vulnerability is due to improper sanitization of the filter request parameter in color.php...

6.5CVSS3.3AI score0.8633EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2020/07/03 12:0 a.m.•77 views

uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)

A directory traversal vulnerability exists in Debian debian linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

5CVSS5.2AI score0.69907EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/02/25 12:0 a.m.•77 views

Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)

A type confusion vulnerability exists in Red Lion Crimson. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current user...

6.8CVSS3.2AI score0.01002EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•77 views

Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)

A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...

9.3CVSS3.5AI score0.81628EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•77 views

Microsoft GDI EMF Image Processing Integer Overflow - Ver2 (CVE-2011-0041)

A integer overflow vulnerability has been reported in Microsoft GDI+. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.28157EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•77 views

Microsoft Windows Assembly Execution File Inclusion - Ver2 (CVE-2012-0013)

A file inclusion vulnerability has been reported in Microsoft Office. The vulnerability is due to ClickOnce application file types not being included in the Windows Packager unsafe file type list. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...

7AI score0.73753EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Wireshark DECT Dissector Stack Buffer Overflow - Ver2 (CVE-2011-1591)

A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...

9.3CVSS7.5AI score0.41744EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•77 views

Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)

A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...

7.5AI score0.62876EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/03/18 12:0 a.m.•77 views

Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service - Improved Confidence (CVE-2012-3526)

A denial of service vulnerability has been reported in Apache's HTTP Server. The vulnerability is caused due to an error while processing certain http headers. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to a target. Successful exploitation will lea...

5CVSS6.2AI score0.06952EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/08/16 12:0 a.m.•77 views

HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow (CVE-2010-1961; CVE-2010-1964)

The HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, and OpenView Network Node Manager. A buffer overflow vulnerabili...

10CVSS7.3AI score0.6911EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2010/05/02 12:0 a.m.•77 views

Sun Java System Web Server WEBDAV Stack Buffer Overflow (CVE-2010-0361)

Sun Microsystems' Java System Web Server is a high performance web server for medium to large business applications. It is available for all major platforms and supports Java, PHP, CGI and ColdFusion technologies. A stack buffer overflow vulnerability exists in Sun Java System Web Server. The...

10CVSS7.2AI score0.80521EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2022/05/30 12:0 a.m.•76 views

WordPress Tatsu Plugin Remote Code Execution (CVE-2021-25094)

A remote code execution vulnerability exists in WordPress Tatsu plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.6AI score0.83354EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2021/05/11 12:0 a.m.•76 views

Microsoft SharePoint Remote Code Execution (CVE-2021-31181)

A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.7AI score0.30045EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/02/18 12:0 a.m.•76 views

Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)

A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.7AI score0.97714EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•76 views

ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)

A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrar...

7.5CVSS2.6AI score0.2508EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•76 views

Internet Explorer FTP Response Parsing Memory Corruption (MS07-016; CVE-2007-0217)

Microsoft Internet Explorer IE is a web browser application that is included as part of Microsoft Windows operating systems. Microsoft Windows Internet WinINet application programming interface API in Internet Explorer is a component to serve as application interface for Internet protocols, such ...

10CVSS7.3AI score0.60813EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/10/25 12:0 a.m.•75 views

Eaton HMiSoft Stack Buffer Overflow (CVE-2020-10639)

A stack buffer overflow vulnerability exists in Eaton HMiSoft. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...

6.8CVSS7.9AI score0.00805EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/05/27 12:0 a.m.•75 views

Zoho ManageEngine DataSecurity Plus Authentication Bypass (CVE-2020-11532)

An authentication bypass vulnerability exists in Zoho ManageEngine DataSecurity Plus. The vulnerability is due to the presence of hardcoded default credentials for the Dataengine Xnode server component...

10CVSS2.1AI score0.77477EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2020/05/24 12:0 a.m.•75 views

Sonatype Nexus Repository Manager Remote Code Execution (CVE-2020-10199)

A remote code execution vulnerability exists in Sonatype Nexus Repository Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.1AI score0.99064EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•75 views

Microsoft Office RTF Stack Buffer Overflow (MS10-087) - Ver2 (CVE-2010-3333)

RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format RTF files. . The vulnerability is due to an error in Microsoft Office that fails to...

9.3CVSS5.1AI score0.89497EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2014/11/18 12:0 a.m.•75 views

Moodle Spellcheck Remote Command Execution (CVE-2013-3630)

A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...

4.6CVSS3.9AI score0.42566EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•75 views

Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)

A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...

9.3CVSS3.5AI score0.81628EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•75 views

Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)

A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...

10CVSS4AI score0.23425EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2010/07/07 12:0 a.m.•75 views

Microsoft Excel Malformed File Format Parsing Code Execution (MS06-012; CVE-2006-0028)

Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available in several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...

5.1CVSS7.3AI score0.16247EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/04/19 12:0 a.m.•74 views

Microsoft RPC Remote Code Execution (CVE-2022-26809)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.6AI score0.91316EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2020/09/21 12:0 a.m.•74 views

OpenSIS SQL Injection (CVE-2020-6637; CVE-2020-6137; CVE-2020-6138; CVE-2020-6139; CVE-2020-6140; CVE-2020-6141)

An SQL injection vulnerability exists in OpenSIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.4AI score0.20058EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2020/09/13 12:0 a.m.•74 views

Seowon Intech Remote Code Execution (CVE-2020-17456)

A remote code execution vulnerability exists in Seowon Intech SLC130. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.71691EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2020/03/19 12:0 a.m.•74 views

Intellian Aptus Web Remote Code Execution (CVE-2020-7980)

A remote code execution vulnerability exists in Intellian Aptus Web. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS6.2AI score0.82956EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2020/02/25 12:0 a.m.•74 views

Delta Industrial Automation CNCSoft Buffer Overflow (CVE-2019-10947)

A buffer overflow vulnerability exists in Delta Industrial Automation CNCSoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

6.8CVSS6AI score0.03666EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/01/08 12:0 a.m.•74 views

Microsoft Internet Explorer Remote Code Execution (CVE-2019-0541)

A remote code execution vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.6AI score0.53202EPSS
Exploits4
Total number of security vulnerabilities5000