Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•37 views

Microsoft Message Queue QMGetRemoteQueueName Buffer Overflow - Ver2 (CVE-2008-3479)

A buffer overflow vulnerability has been reported in Microsoft Windows 2000. An attacker could exploit this vulnerability via a crafted RPC call, related to improper processing of parameters to string APIs. Successful exploitation of this vulnerability could allow a remote attacker to execute...

10CVSS7.3AI score0.44474EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•37 views

RealNetworks RealPlayer MPG Width Integer Underflow Memory Corruption - Ver2 (CVE-2011-4259)

A memory corruption vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to an integer underflow condition caused while handling MPEG-2 files with a specially crafted width parameter. An attacker could exploit this vulnerability by enticing a target user to open a...

9.3CVSS7.2AI score0.02889EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/20 12:0 a.m.•37 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)

A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...

4.3CVSS3.5AI score0.03923EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/10/13 12:0 a.m.•37 views

ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations...

7.5CVSS2.9AI score0.26197EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/09/28 12:0 a.m.•37 views

ManageEngine EventLog Analyzer agentUpload Directory Traversal (CVE-2014-6037)

A code execution vulnerability has been reported in ManageEngine EventLog Analyzer. The vulnerability is due to lack of authentication and insufficient input validation in agentUpload when processing zip files. A remote unauthenticated attacker can exploit this vulnerability by sending a speciall...

7.5CVSS3.5AI score0.84182EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•37 views

FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)

A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny servi...

5CVSS6.4AI score0.03651EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/04 12:0 a.m.•37 views

Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)

A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with t...

9.3CVSS7.5AI score0.04072EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•37 views

Microsoft Windows Media Player ASX Parsing Buffer Overflow - Ver2 (CVE-2006-6134)

A buffer overflow vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to a buffer overflow error when processing malformed ASX file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS7.4AI score0.41285EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•37 views

Microsoft SCCM Reflected Cross-site Scripting (MS12-062) - Ver2 (CVE-2012-2536)

A cross-site scripting vulnerability has been reported in Microsoft System Center Configuration Manager SCCM. The vulnerability is due to an error in the way System Center Configuration Manager handles specially crafted requests. A remote attacker can exploit this issue by enticing a target user ...

4.3CVSS5.4AI score0.16162EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/26 12:0 a.m.•37 views

Apple Products SSLVerifySignedServerKeyExchange Security Feature Bypass (CVE-2014-1266)

There exists a security feature bypass vulnerability in Apple products. The vulnerability is due to the SSLVerifySignedServerKeyExchange function in the Secure Transport feature not checking the signature in a TLS Server Key Exchange message. This vulnerability allows man-in-the-middle attackers ...

6.1AI score0.05715EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/02/03 12:0 a.m.•37 views

Microsoft Indexing Service Loop Counter Underwrap Code Execution - Ver2 (CVE-2009-2507)

A remote code execution vulnerability has been reported in the Microsoft Indexing Service. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious Web page. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...

7.5AI score0.19291EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/01/28 12:0 a.m.•37 views

MSXML Response Handling Memory Corruption - Ver2 (CVE-2010-2561)

A memory corruption vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to a bug in the way MSXML handles HTTP responses. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2AI score0.24865EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/12/31 12:0 a.m.•37 views

Suspicious Javascript Containing Overly Long Strings (CVE-2013-2551)

Javascript may contain variables assigned with overly long strings. This behavior may indicate an exploitation attempt...

9.3CVSS8AI score0.74096EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/12/02 12:0 a.m.•37 views

AutoSec Tools V-CMS inline_image_upload.php PHP File Upload And Execution (CVE-2011-4828)

An arbitrary file upload vulnerability has been reported in AutoSec Tools V-CMS...

6.6AI score0.65485EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/10/13 12:0 a.m.•37 views

HP Data Protector CRS Opcode 215 and 263 Stack Buffer Overflow (CVE-2013-2328)

Two stack buffer overflows have been discovered in HP Data Protector...

6.7AI score0.61043EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/10/13 12:0 a.m.•37 views

Microsoft Windows RAS Manager Registry Corruption (CVE-2006-2371)

A buffer overflow vulnerability has been reported in Microsoft Routing and Remote Access Service. The flaw is caused by improper boundary checking of user-supplied data to the Routing and Remote Access service. A remote attacker may leverage this vulnerability by sending a crafted request to the...

7.5CVSS7.5AI score0.21943EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/09/03 12:0 a.m.•37 views

HP Data Protector CRS Opcode 227 Stack Buffer Overflow (CVE-2013-2335)

A stack buffer overflow vulnerability has been discovered in HP Data Protector. The vulnerability exists in the Cell Request Service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 227, which can result in a stack buffer overflow. A remote,...

10CVSS7.7AI score0.61043EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/07/09 12:0 a.m.•37 views

Microsoft Internet Explorer Deleted Object Memory Corruption (MS13-055; CVE-2013-3143)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.32748EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•37 views

IBM Java ProxyUtil Sandbox Breach (CVE-2012-4820)

A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to an access control failure in the "com.ibm.rmi.util.ProxyUtil" package. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page...

9.3CVSS4.9AI score0.05086EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/01/08 12:0 a.m.•37 views

Microsoft Windows MSXML XSLT Remote Code Execution (MS13-002; CVE-2013-0007)

A remote code execution vulnerability has been reported in Microsoft Windows...

7.3AI score0.31574EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2012/01/17 12:0 a.m.•37 views

Cisco NX-OS Interface Commands Privilege Escalation (CVE-2011-2569)

A command execution vulnerability has been reported in Cisco NX-OS...

6.7AI score0.00327EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2011/11/15 12:0 a.m.•37 views

Multiple Products IASystemInfo.DLL ActiveX Control Buffer Overflow (CVE-2007-0348)

A remote code execution vulnerability has been reported in multiple products containing the IASystemInfo.DLL ActiveX control. The vulnerability is due to a data validation failure by the ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a...

9.3CVSS7.4AI score0.35137EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2010/12/14 12:0 a.m.•37 views

Internet Explorer 6 HTML Object Memory Corruption (MS10-090; CVE-2010-3343)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted. To trigger this...

9.3CVSS7.3AI score0.28886EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/05/24 12:0 a.m.•37 views

IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows (CVE-2009-2753)

Informix is a family of relational database management system RDBMS products by IBM. IBM Informix Dynamic Server is an online transaction processing data server. Multiple buffer overflow vulnerabilities has been reported in IBM's Informix Dynamic Server. The vulnerabilities are due to insufficien...

10CVSS7.7AI score0.10923EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/04/23 12:0 a.m.•37 views

Update Protection against Novell iPrint Client ienipp.ocx volatile-date-time Parsing Buffer Overflow

A buffer overflow vulnerability exists in Novell iPrint Client, an application that allows users to install and manage printers, or submit print jobs from a web browser. The vulnerability is due to a boundary error when parsing malicious 'persistence' parameter values. A remote attacker can explo...

9.3CVSS7.2AI score0.37524EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2009/12/28 12:0 a.m.•37 views

Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)

A security bypass vulnerability has been discovered in Microsoft Internet Information Services IIS. The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...

6CVSS6.4AI score0.63627EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/10/12 12:0 a.m.•37 views

RealNetworks Helix Server RTSP SET_PARAMETER Heap Buffer Overflow (CVE-2009-2533)

Helix Server is a multi-media server that is designed to serve streaming and static audio and video content. Helix project, Helix Server being part of it, is intended as a largely free software/open source digital media framework that runs on numerous operating systems and processors including...

5CVSS7.8AI score0.03396EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/10/05 12:0 a.m.•37 views

Apple QuickTime PictureViewer Buffer Overflow (CVE-2005-0903; CVE-2005-2340)

Apple QuickTime PictureViewer is an image viewer that supports many image file formats. JPEG is one of the image formats supported by this product. A vulnerability exists in the PictureViewer component of the Apple QuickTime products. The affected product does not correctly process JPEG image...

7.5CVSS7.8AI score0.25506EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/09/29 12:0 a.m.•37 views

Symantec Altiris Deployment Solution ActiveX File Download (CVE-2009-3028)

The Symantec Altiris Deployment Solution software provides tools to deploy and configure software across hardware platforms and operating systems. A remote program execution vulnerability exists in Symantec Altiris Deployment Solution. The vulnerability is caused due to the Altiris.AeXNSPkgDL.1...

6.8CVSS7AI score0.42598EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/09/24 12:0 a.m.•37 views

Oracle Secure Backup Administration Server Command Injection (CVE-2009-1978)

Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The vulnerability is due to a flaw in the logic used to authenticate a user to the administration server. Successful exploitation of this vulnerability allows remote attackers to bypass authentication on...

9CVSS6.3AI score0.64694EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2009/06/09 12:0 a.m.•37 views

Internet Explorer Rows Object Memory Corruption (MS09-019; CVE-2009-1532)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To...

9.3CVSS7.4AI score0.36761EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/08/18 12:0 a.m.•37 views

Cisco WebEx Meeting Manager ActiveX Control Buffer Overflow (CVE-2008-3558)

The Webex Meeting Manager is a client-side program that is provided by the Cisco Webex meeting service, an online collaboration suite. A buffer overflow vulnerability has been reported in the Cisco Webex Meeting Manager application.The vulnerability is due to a boundary error in a Cisco Webex...

9.3CVSS7.3AI score0.65391EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2008/06/17 12:0 a.m.•37 views

IBM Lotus Domino Web Server HTTP Header Buffer Overflow (CVE-2008-2240)

IBM Lotus Domino is a server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. A stack buffer overflow vulnerability was reported in the IBM Lotus Domino Web Server application. The vulnerability is due to an error in the IBM Lotus Domino...

10CVSS7.5AI score0.64815EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2008/05/29 12:0 a.m.•37 views

Microsoft Windows Speech Components sapi.dll Code Execution (MS08-032; CVE-2007-0675)

The ActiveX Speech Components sapi.dll is part of the Microsoft Speech Application Programming Interface SAPI that allows the use of speech recognition and speech synthesis within Windows applications. A remote code execution vulnerability has been reported in the ActiveX Speech Components...

7.6CVSS7.1AI score0.1722EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/04/08 12:0 a.m.•37 views

Yahoo! Music Jukebox ActiveX Control Multiple Buffer Overflows (CVE-2008-0623; CVE-2008-0624; CVE-2008-0625)

Yahoo! Music Jukebox is a freeware media player for Microsoft Windows. Multiple buffer overflow vulnerabilities have been reported in Yahoo! Music Jukebox. The vulnerabilities are due to boundary errors in certain Yahoo! Music Jukebox ActiveX controls. To trigger these issues, an attacker may...

4.3CVSS7.5AI score0.09151EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2007/11/05 12:0 a.m.•37 views

Sun Java Web Start dnsResolve ActiveX Buffer Overflow (CVE-2007-5019)

Microsoft SQL Server is a Relational Database Management System RDBMS that can be managed through Distributed Management Objects DMO. A remote attacker can exploit this issue to execute arbitrary code on vulnerable server...

10CVSS7.7AI score0.10465EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2007/10/10 12:0 a.m.•37 views

IBM and Lenovo Access Support acpRunner ActiveX Security Bypass (CVE-2007-2928; CVE-2007-2929; CVE-2007-2940)

The Access Support software package for IBM and Lenovo systems includes several ActiveX controls. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious web page. Successful exploitation could result in remote code execution ...

6.8CVSS7.4AI score0.06526EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2007/09/18 12:0 a.m.•37 views

Update Protection against Multiple Trend Micro ServerProtect Buffer Overflow Vulnerabilities

Trend Micro ServerProtect is prone to multiple buffer overflow vulnerabilities. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit these issues to execute arbitrary code on a vulnerable system via a specially craft...

10CVSS5.5AI score0.13021EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2007/07/31 12:0 a.m.•37 views

Preemptive Protection against Ipswitch IMail Server IMAP SEARCH Command Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Ipswitch IMail Server IMAP component. Ipswitch IMail server is a messaging service suite that supports numerous mail exchanging protocols, including the Internet Message Access Protocol IMAP. IMAP is a standard protocol for accessing e-mail from a local...

9CVSS7.2AI score0.24455EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2007/04/04 12:0 a.m.•37 views

Preemptive Protection against Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017)

A remote code execution vulnerability has been reported in the animated cursor code in Microsoft Windows. A remote attacker can exploit this vulnerability via a specially crafted ANI file. Animated cursors files ANI allow a series of frames to appear at the mouse pointer location instead of a...

9.3CVSS7.2AI score0.7288EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2006/06/20 12:0 a.m.•37 views

IMAP Directory Traversal (CAN-2005-1902; CAN-2006-2414)

...

5CVSS2.9AI score0.03554EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/28 12:0 a.m.•36 views

Kamailio SIP Server Out of Bounds Read (CVE-2018-14767)

An out-of-bounds read vulnerability exists in Kamailio . Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...

7.5CVSS3AI score0.29303EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/24 12:0 a.m.•36 views

Barangay Management System Arbitrary File Upload (CVE-2022-34120)

An arbitrary file upload vulnerability exists in Barangay Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.8AI score0.17467EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/22 12:0 a.m.•36 views

Netgear R6200v2 Command Injection (CVE-2022-30079)

A command injection vulnerability exists in Netgear R6200v2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

5.8AI score0.24702EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/20 12:0 a.m.•36 views

Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)

A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...

3.5CVSS3.2AI score0.88476EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/03 12:0 a.m.•36 views

D-Link DIR882 Command Injection (CVE-2022-28895; CVE-2022-28896)

A command injection vulnerability exists in D-Link DIR882. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.6AI score0.0364EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•36 views

Dolibarr ERP and CRM Code Injection (CVE-2022-0819)

A code injection vulnerability exists in the Dolibarr ERP/CRM package. The vulnerability is due to insufficient input validation on user provided data...

6.5CVSS3.2AI score0.43578EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•36 views

Apache Airflow Command Injection (CVE-2022-24288)

A command injection vulnerability exists in Apache Airflow. This vulnerability is due to improper input validation for parameters for directed acyclic graphs DAGs...

6.5CVSS4.9AI score0.7788EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/10/13 12:0 a.m.•36 views

Adobe ColdFusion Improper Access to a Restricted Directory (APSB22-44: CVE-2022-38418)

An improper access to a restricted directory vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

6.3AI score0.80023EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/08/16 12:0 a.m.•36 views

dotCMS Arbitrary File Upload (CVE-2022-26352; CVE-2018-5445)

An arbitrary file upload vulnerability exists in dotCMS. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...

6.8CVSS5.2AI score0.91501EPSS
Exploits4
Total number of security vulnerabilities5000