Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2010/05/26 12:0 a.m.•35 views

Microsoft Excel Malformed SELECTION Record Code Execution (MS06-037; CVE-2006-1301)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

9.3CVSS7.4AI score0.09824EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/04/13 12:0 a.m.•35 views

Microsoft SMB Client Memory Allocation Memory Corruption (MS10-020; CVE-2010-0269)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A elevation of privilege vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation. The vulnerability is due to an error in the Microsoft SMB client...

10CVSS6.8AI score0.28401EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/21 12:0 a.m.•35 views

Firebird XDR Operation Request Handling Denial of Service (CVE-2008-0387)

There exists a null-dereference overflow vulnerability in Firebird database project. The flaw resides in the External Data Representation XDR protocol processing routines. A remote unauthenticated attacker may exploit this vulnerability by sending crafted message to the target server. Successful...

7.8CVSS6.4AI score0.45873EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2009/12/06 12:0 a.m.•35 views

Microsoft XML Core Services Memory Corruption (MS07-042; CVE-2007-2223)

Microsoft Windows is shipped with an XML processing framework, named MSXML or Microsoft XML Core services. The framework is used by applications shipped with the operating system as well as third party applications. The most popular application using this framework is Internet Explorer, which can...

9.3CVSS7.5AI score0.48722EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/11/18 12:0 a.m.•35 views

Internet Explorer daxctle.ocx KeyFrame Method Memory Corruption (MS06-067; CVE-2006-4777)

Microsoft Internet Explorer IE is a web browser application that is capable rendering both static and dynamic contents. The application supports the ActiveX technology, which is a feature extension framework. IE is installed with a set of ActiveX controls including the DirectAnimation package...

7.6CVSS7.4AI score0.78755EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2009/11/03 12:0 a.m.•35 views

Multiple Browsers Telnet URI Handler File Manipulation (CVE-2004-0411; CVE-2004-0473)

There exists a vulnerability that affects various web-browsers. Insufficient input validation for telnet URI e.g., telnet://hostname can cause the Telnet software activated by the browsers to treat specially crafted Telnet URI as command-line options. As such, a malicious attacker may be able to...

7.5CVSS6.1AI score0.07778EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/08/27 12:0 a.m.•35 views

RealNetworks Helix Server RTSP SETUP Request Denial of Service (CVE-2009-2534)

Helix Server is a multi-media server that is designed to serve streaming and static audio and video content. A denial of service vulnerability has been reported in RealNetworks Helix Server. The vulnerability is due to an error in the way RealNetworks Helix Server handles SETUP requests. A remote...

5CVSS6.1AI score0.08827EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/08/11 12:0 a.m.•35 views

Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038; CVE-2009-1545)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...

9.3CVSS7.6AI score0.28592EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/06/09 12:0 a.m.•35 views

Internet Explorer XMLHttpRequest Calls Improper Handling (MS09-019; CVE-2009-1528)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To...

9.3CVSS7.4AI score0.35258EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/04/30 12:0 a.m.•35 views

Update Protection against Oracle Application Server BPEL Module Cross Site Scripting

Oracle Application Server is vulnerable to cross-site scripting due to lack of validation of user supplied data. Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The flaw may be exploited by attackers to execute arbitrary...

5.5CVSS6.3AI score0.01018EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/03/10 12:0 a.m.•35 views

Microsoft DNS Server Validation Spoofing Weakness (MS09-008; CVE-2009-0233; CVE-2009-0234)

Multiple spoofing vulnerabilities have been reported in Windows DNS server. These vulnerabilities could allow a remote attacker to spoof responses and insert records into the DNS server's cache. The DNS caching resolver service saves the responses to DNS queries so that the DNS server is not...

6.4CVSS6.8AI score0.34442EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/12/09 12:0 a.m.•35 views

Microsoft Windows search-ms Protocol Handler Command Execution (MS08-075; CVE-2008-4269)

Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types.Windows Search has XML-based files that save information about a search in Windows. A remote code execution vulnerability was reported in Windows Explorer which allo...

8.5CVSS7.1AI score0.20516EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2008/10/31 12:0 a.m.•35 views

Update Protection against CA Multiple Products ActiveX Control Buffer Overflow Vulnerability

A vulnerability was reported in multiple Computer Associates CA products. These products are all intended for enhancing corporate and client security. The vulnerability is due to insufficient boundary checking in the parameters passed to the affected ActiveX control installed by the products list...

9.3CVSS7.4AI score0.3901EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2008/09/09 12:0 a.m.•35 views

Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052; CVE-2004-0904; CVE-2008-3015)

Bitmap BMP is an image file format used to store bitmap digital images. A remote code execution vulnerability has been discovered in the way GDI+ handles integer calculations for BMP files. The vulnerability is due to a buffer overflow when GDI+ fails to properly processes a malformed header in a...

10CVSS7.7AI score0.39272EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/08/12 12:0 a.m.•35 views

Microsoft Excel FORMAT Record Array Index Memory Corruption (MS08-043; CVE-2008-3005)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel handles index array records. The vulnerability is due to an error in Microsoft Excel that fails to properly validate index array records when loading Excel...

9.3CVSS7.5AI score0.31934EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2008/05/09 12:0 a.m.•35 views

Update Protection against Borland StarTeam Multicast Service HTTP Handling Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Borland StarTeam Multicast Service. Borland StarTeam is a software change and configuration management tool, designed for both centralized and geographically distributed software development environments. A remote attacker might exploit this...

9.3CVSS7.6AI score0.31024EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2008/04/08 12:0 a.m.•35 views

Microsoft Windows GDI Metafile Image Handling Heap Overflow (MS08-021; CVE-2008-1083)

The Microsoft Windows graphics device interface GDI enables applications to use graphics and formatted text on the video display and on the printer.WMF and EMF are image formats used in many Windows programs including Internet Explorer and Outlook. A remote code execution vulnerability has been...

9.3CVSS7.9AI score0.57102EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2007/12/18 12:0 a.m.•35 views

Update Protection against Microsoft Windows Message Queuing Remote Code Execution Vulnerability (MS07-065)

A buffer overflow vulnerability exists in Microsoft Windows Message Queuing Service. Microsoft Message Queuing MSMQ is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are...

9CVSS6.6AI score0.69055EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2007/07/10 12:0 a.m.•35 views

Microsoft Excel Version Information Handling Code Execution (MS07-036; CVE-2007-1756; CVE-2007-3030; CVE-2008-0081)

Microsoft Excel is a popular spreadsheet application. Multiple vulnerabilities have been identified in Microsoft Excel. A remote attacker could exploit these issues via a malformed Excel file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target syste...

9.3CVSS7.2AI score0.57908EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2007/03/11 12:0 a.m.•35 views

Novell NetMail WebAdmin Username Stack Buffer Overflow (CVE-2007-1350)

Novell NetMail is an electronic mail server product that supports various email access and exchange protocols, including IMAP Internet Message Access Protocol and NMAP Network Messaging Application Protocol.WebAdmin is a browser based administrative tool used to manage NetMail...

6.8CVSS6.3AI score0.19398EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2007/01/15 12:0 a.m.•35 views

3Com TFTP Server Transporting Mode Remote Buffer Overflow (CVE-2006-6183)

Trivial File Transfer Protocol TFTP is a protocol used for transferringfiles, allowing remote users to download and upload files to the server. TheTFTP server communicates with clients over UDP port 69. 3Com TFTP Server is a TFTP server service used for easier transfer of filesto or from the...

10CVSS7.4AI score0.7057EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2006/07/16 12:0 a.m.•35 views

Update Protection against ASP.NET Information Disclosure Vulnerability (MS06-033)

ASP.NET is collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. An information disclosure vulnerability exists in ASP.Net that could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the...

5CVSS3.9AI score0.37158EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2005/10/11 12:0 a.m.•35 views

Microsoft Distributed Transaction Coordinator Memory Corruption (MS05-051; CVE-2005-2119)

DTC Distributed Transaction Coordinator is a system service that coordinates transactions. A vulnerability was detected in the DTC service for several Microsoft Windows operating systems that can allow remote attackers to execute arbitrary code via a crafted DTC packet...

5CVSS7.1AI score0.39128EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/14 12:0 a.m.•34 views

Jenkins Rundeck Plugin Cross-Site Scripting (CVE-2022-30956)

A cross-site scripting vulnerability exists in Jenkins Rundeck Plugin. This vulnerability is due to insufficient validation of user input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to a vulnerable server...

3.5CVSS2.5AI score0.71943EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/08 12:0 a.m.•34 views

DedeCMS Remote Code Execution (CVE-2022-35516)

A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.01945EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/10/18 12:0 a.m.•34 views

Apache Commons Text Remote Code Execution (CVE-2022-42889)

A remote code execution vulnerability exists in Apache Commons Text. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.5AI score0.99931EPSS
Exploits42
Check Point Advisories
Check Point Advisories
•added 2022/10/13 12:0 a.m.•34 views

Adobe ColdFusion Arbitrary File Read And Deletion (APSB22-44: CVE-2022-38424)

A arbitrary file read and deletion vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

5.6AI score0.45159EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/08/30 12:0 a.m.•34 views

Nokia BTS TRS Web Console Authentication Bypass (CVE-2021-31932)

An authentication bypass vulnerability exists in Nokia BTS TRS Web Console. Successful exploitation of this vulnerability would allow remote attacker to obtain sensitive information and gain unauthorized access into the affected system...

7.5CVSS5.8AI score0.21639EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2022/08/29 12:0 a.m.•34 views

Tenda M3 Router Buffer Overflow (CVE-2022-32036)

A buffer overflow vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...

7.8CVSS5.8AI score0.011EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/08/15 12:0 a.m.•34 views

Moodle Directory Traversal (CVE-2022-35650)

A Directory Traversal vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

5.4AI score0.49102EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/06/13 12:0 a.m.•34 views

WhatsApp Desktop Cross Site Scripting (CVE-2019-18426)

A cross site scripting vulnerability exists in WhatsApp Desktop. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5.8CVSS4.7AI score0.67859EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/05/26 12:0 a.m.•34 views

Naviwebs Navigate CMS Directory Traversal (CVE-2018-17553)

A directory traversal vulnerability exists in Naviwebs Navigate CMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

6.5CVSS5.5AI score0.78994EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/04/03 12:0 a.m.•34 views

LG N1A1 Remote Code Execution (CVE-2018-14839)

A remote code execution vulnerability exists in LG N1A1. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.8AI score0.89354EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/03/27 12:0 a.m.•34 views

Google Chrome Use After Free (CVE-2022-0609)

A use after free vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.1AI score0.23546EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/12/28 12:0 a.m.•34 views

Zoho ManageEngine ADManager Plus Arbitrary File Upload (CVE-2021-20130)

An unrestricted file upload vulnerability exists in ManageEngine ADManager Plus. The vulnerability is due to lack of validation of uploaded files in PasswordExpiryAction class...

6.5CVSS2.6AI score0.3162EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/12/16 12:0 a.m.•34 views

Dnnsoftware DotNetNuke Remote Code Execution (CVE-2018-15811)

A Remote Code Execution vulnerability exists in Dnnsoftware DotNetNuke. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5CVSS6.1AI score0.74048EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2021/11/28 12:0 a.m.•34 views

Fortinet FortiOS Remote Code Execution (CVE-2016-6909)

A remote code execution vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS9.5AI score0.49856EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2021/11/16 12:0 a.m.•34 views

Sumavision Enhanced Multimedia Router Cross Site Request Forgery (CVE-2020-10181)

A cross site request forgery vulnerability exists in Sumavision Enhanced Multimedia Router. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the affected system...

7.5CVSS9.3AI score0.14209EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/08/26 12:0 a.m.•34 views

Rapid7 Nexpose SQL Injection (CVE-2020-7383)

An SQL injection vulnerability exists in Rapid7 Nexpose. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

5.5CVSS5.2AI score0.01137EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/08/26 12:0 a.m.•34 views

Oracle Fusion Middleware BI Publisher Arbitrary File Upload (CVE-2021-2392)

An arbitrary file upload vulnerability exists in Oracle Business Intelligence. This vulnerability is due to insufficient input validation in the UploadFndDBCPage class...

9CVSS2.7AI score0.03119EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/08/11 12:0 a.m.•34 views

Advantech iView deleteZtpConfig SQL Injection (CVE-2021-32932)

A SQL injection vulnerability exists in the Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in method in Java class...

5CVSS2.7AI score0.01169EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/05/31 12:0 a.m.•34 views

Jenkins Credentials Plugin Cross-Site Scripting (CVE-2021-21648)

A reflected cross-site scripting vulnerability exists in Jenkins Credentials Plugin. This vulnerability is due to insufficient validation of user-controlled information on the upload certificate view provided by Credentials plugin...

4.3CVSS2AI score0.11308EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/04/11 12:0 a.m.•34 views

Invigo Automatic Device Management Command Injection (CVE-2020-10583)

A command injection vulnerability exists in Invigo Automatic Device Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS6.8AI score0.02765EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2021/03/15 12:0 a.m.•34 views

libEBML Use After Free (CVE-2015-8789)

A use-after-free vulnerability exists in libEBML. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.9AI score0.02126EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/03/02 12:0 a.m.•34 views

Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)

A remote code execution vulnerability exists in Microsoft Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.99999EPSS
Exploits65
Check Point Advisories
Check Point Advisories
•added 2021/02/24 12:0 a.m.•34 views

Rockoa SQL Injection (CVE-2020-18714)

An SQL injection vulnerability exists in Rockoa. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.5AI score0.01317EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/12/28 12:0 a.m.•34 views

Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)

A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...

7.5CVSS3.1AI score0.21869EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/12/20 12:0 a.m.•34 views

Libbpg Project Out of Bounds Write (CVE-2016-8710)

A remote code execution vulnerability exists in Libbpg project Libbpg. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.9AI score0.03388EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2020/10/29 12:0 a.m.•34 views

Sangoma FreePBX Authentication Bypass (CVE-2019-19006)

An authentication bypass vulnerability exists in Sangoma FreePBX. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized...

7.5CVSS5.5AI score0.36615EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/09/02 12:0 a.m.•34 views

Easycorp Zentao Pro Command Injection (CVE-2020-7361)

A command injection vulnerability exists in Easycorp Zentao Pro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.5AI score0.17225EPSS
Exploits4
Total number of security vulnerabilities5000