Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•74 views

Cross-Site Scripting (CVE-2005-0543; CVE-2014-4075; CVE-2014-4116; CVE-2014-6325; CVE-2014-6365; CVE-2015-1636; CVE-2015-1640; CVE-2015-1757)

...

4.3CVSS6.4AI score0.24698EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/04/13 12:0 a.m.•74 views

Microsoft Internet Explorer CSS Table Handling Memory Corruption (MS10-090; CVE-2010-3962)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.96889EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2011/02/24 12:0 a.m.•74 views

Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)

Microsoft Excel is a popular spreadsheet application. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A buffer overflow vulnerability has been reported in Microsoft Excel...

9.3CVSS7.2AI score0.56461EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2020/06/16 12:0 a.m.•73 views

Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)

A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...

5CVSS3.6AI score0.04404EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•73 views

Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)

A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...

7.5CVSS1.4AI score0.02109EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•73 views

Microsoft Windows Media Player MIDI Code Execution (MS12-004) - Ver2 (CVE-2012-0003)

A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...

9.3CVSS7.2AI score0.69499EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•73 views

HP Operations Agent Opcode Stack Buffer Overflow - Ver2 (CVE-2012-2019)

A stack-based buffer overflow vulnerability has been reported in HP Operations Agent. The vulnerability is due to a bound checking error when processing requests containing certain opcodes. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server...

10CVSS3.4AI score0.64685EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/03/25 12:0 a.m.•73 views

Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...

9CVSS8.4AI score0.50324EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•73 views

Belkin Linksys WRT110 Remote Command Execution - Ver2 (CVE-2013-3568)

A remote command execution vulnerability has been reported in Belkin Linksys WRT110 firmware. The vulnerability is due to the Web interface's failure to sanitize ping targets as well as a lack of CSRF tokens. A remote attacker could exploit this vulnerability by sending a malicious HTTP request t...

6.8CVSS2.5AI score0.25129EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•73 views

Microsoft Windows Font Library File Buffer Overflow - Ver2 (CVE-2011-2003)

A buffer overflow vulnerability has been reported in Microsoft Windows. The vulnerability is due to an input validation error when the kernel parses a .FON font file. A remote attacker could exploit this issue by enticing a target user to open a specially crafted .FON file...

5.1AI score0.27772EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/09/19 12:0 a.m.•73 views

Chasys Draw IES BMP Buffer Overflow (CVE-2013-3928)

A buffer overflow vulnerability has been reported in Chasys Draw IES. The vulnerability is due to an image parsing input validation error in Chasys Draw IES when parsing a file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file. Successful exploitation will...

9.3CVSS7.2AI score0.37328EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/03/25 12:0 a.m.•73 views

Update Protection against Mozilla Firefox JIT escape Function Memory Corruption

A memory corruption vulnerability exists in Mozilla Firefox, a web browser developed by Mozilla Foundation. This flaw is due to the way Mozilla Firefox handles JIT Just-in-Time escape Function calls. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious we...

9.3CVSS9AI score0.42689EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•73 views

Microsoft IIS ISAPI Extension Indexing Service Buffer Overflow (MS01-033; CVE-2001-0500)

The Internet Information Server IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server component that is capable of serving static, as well as dynamic content. There exists a vulnerability in ISAPI extension idq.dll in...

10CVSS7.7AI score0.96731EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/12/06 12:0 a.m.•73 views

HP OpenView Network Node Manager CGI programs HTTP Request Buffer Overflow (CVE-2007-6204; CVE-2008-0067)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow...

10CVSS7.7AI score0.69613EPSS
Exploits28
Check Point Advisories
Check Point Advisories
•added 2009/10/13 12:0 a.m.•73 views

Internet Explorer Data Stream Header Corruption (MS09-054; CVE-2009-1547)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability exists in the way Internet Explorer processes data stream headers. The vulnerability occurs when Internet Explorer processes a specially crafted data stream header, it may corrupt system...

9.3CVSS7.5AI score0.37436EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/10/11 12:0 a.m.•73 views

UltraVNC VNCViewer Authenticate Buffer Overflow (CVE-2009-0388)

Virtual Network Computing VNC is a graphical desktop sharing technology that uses the Remote Frame Buffer RFB protocol to remotely control another computer. The controller computer client or viewer sends keyboard and mouse events to the controlled computer server; the controlled computer sends...

10CVSS7.5AI score0.13334EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2007/08/21 12:0 a.m.•73 views

Update Protection against Trend Micro ServerProtect CreateBinding DCE-RPC Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...

10CVSS7.6AI score0.77194EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2007/08/21 12:0 a.m.•73 views

Update Protection against Trend Micro ServerProtect EarthAgent DCE-RPC Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Trend Micro ServerProtect. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...

10CVSS7.6AI score0.77194EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2006/02/22 12:0 a.m.•73 views

WMF and EMF Files (CVE-2005-2123; CVE-2005-2124; CVE-2005-4560; CVE-2006-0020)

...

9.3CVSS6.4AI score0.86476EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2021/05/27 12:0 a.m.•72 views

Subrion CMS Remote Code Execution (CVE-2018-19422)

A remote code execution vulnerability exists in Subrion CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.5AI score0.64261EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2021/02/18 12:0 a.m.•72 views

Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)

A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.7AI score0.97714EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2020/01/02 12:0 a.m.•72 views

MongoDB mongo-express Remote Code Execution (CVE-2019-10758)

A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.6AI score0.84845EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/12/15 12:0 a.m.•72 views

Apache Solr Remote Code Execution (CVE-2019-0193)

A remote code execution vulnerability exists in Apache Solr. Successful exploitation could result in execution of arbitrary code on the affected system...

9CVSS3.6AI score0.83547EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/09/05 12:0 a.m.•72 views

WordPress Plainview Activity Monitor Plugin Command Injection (CVE-2018-15877)

A command injection vulnerability exists in WordPress Plainview Activity Monitor plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands in the affected system...

9CVSS7.3AI score0.7699EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•72 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...

6.4CVSS1.7AI score0.92719EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/10/06 12:0 a.m.•72 views

Symantec Endpoint Protection ConsoleServlet ResetPassword Policy Bypass (CVE-2015-1486)

An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the...

7.5CVSS6.5AI score0.64487EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/09/17 12:0 a.m.•72 views

Oracle Endeca Server createDataStore Remote Command Execution (CVE-2013-3763)

A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...

5.5CVSS6.9AI score0.5984EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2012/12/10 12:0 a.m.•72 views

Novell File Reporter FSFUI File Upload (CVE-2012-4959)

A file upload vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests. A remote attacker can exploit this issue by sending a specially crafted request to the target. Successful exploitation could result in arbitrary files bein...

10CVSS6.5AI score0.71194EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2012/10/14 12:0 a.m.•73 views

InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)

A heap buffer overflow vulnerability has been reported in the InduSoft Thin Client. The vulnerability is due to lack of input validation of a certain parameter. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer. Successf...

9.3CVSS7.5AI score0.32349EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2010/08/09 12:0 a.m.•72 views

Oracle Database Application Express Component APEX Password Hash Disclosure (CVE-2009-0981)

Oracle Application Express APEX is a component of Oracle database server products. It is a web application development environment, with which developers can create and deploy database-backed applications via a web-based interface. An information disclosure vulnerability exists in the Application...

4CVSS5.5AI score0.05281EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2021/12/27 12:0 a.m.•71 views

Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)

A directory traversal vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...

7.5CVSS3.5AI score0.02083EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/07/17 12:0 a.m.•71 views

Jenkins Dependency Graph View Plugin Cross-Site Scripting (CVE-2019-10349)

A Cross-Site Scripting vulnerability exists in Jenkins Dependency Graph View plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

3.5CVSS4.3AI score0.03885EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2019/06/23 12:0 a.m.•71 views

HTTP URL Patterns (CAN-2004-1315)

...

7.5CVSS0.72096EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2018/11/22 12:0 a.m.•71 views

HPE Lights-Out Authentication Bypass (CVE-2017-12542)

An authentication bypass vulnerability exists in HPE Lights-Out. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

10CVSS6.3AI score0.99335EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2018/06/19 12:0 a.m.•71 views

VDOO Axis Camera Authentication Bypass (CVE-2018-10661; CVE-2018-10658; CVE-2018-10659; CVE-2018-10662; CVE-2018-10663; CVE-2018-10664)

An authentication bypass vulnerability exists in VDOO Axis Cameras. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

10CVSS5.9AI score0.86682EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2017/09/26 12:0 a.m.•71 views

Joomla LDAP Information Disclosure (CVE-2017-14596)

A LADP information disclosure vulnerability exists in Joomla!. Successful exploitation of this vulnerability allows an unprivileged remote attacker to extract all authentication credentials of the effected system...

5CVSS8.5AI score0.06333EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•71 views

Microsoft XML Core Services Remote Code Execution (KB2719615) - Ver2 (CVE-2012-1889)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is caused due to a memory corruption when XML core Services attempts to access an object in memory that has not been initialized. A remote attacker may exploit this vulnerability by enticing ...

9.3CVSS7.6AI score0.83638EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2013/12/10 12:0 a.m.•71 views

Microsoft IIS Request Header Buffer Overflow (MS10-065; CVE-2010-2730) - ver 2

A code execution vulnerability exists in Microsoft Internet Information Services IIS...

6.8AI score0.32826EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•71 views

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

9CVSS7.4AI score0.66592EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2010/05/17 12:0 a.m.•71 views

Multiple Vendors RPC librpc.dll Stack Buffer Overflow (CVE-2009-2754)

Remote Procedure Call RPC is a protocol that a program can use to request a service from a program located on another computer in a network. The librpc.dll handles the RPC protocol parsing. A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The...

10CVSS7.7AI score0.40321EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/05/13 12:0 a.m.•71 views

Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation (CVE-2010-0866; CVE-2010-0867)

Oracle Database Server is an enterprise-level relational database application suite. A vulnerability exists in Oracle Database 11g server that could allow users with limited privileges to execute SQL commands with System privileges on the server. The vulnerability is due to an access control...

6.5CVSS7.4AI score0.1125EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/05/06 12:0 a.m.•71 views

Internet Explorer DHTML Objects Memory Corruption (MS07-069; CVE-2007-5347)

Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...

6.8CVSS7.5AI score0.28032EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/01 12:0 a.m.•71 views

Apple iTunes Protocol Handler Stack Buffer Overflow (CVE-2009-0950)

Apple iTunes is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files. When iTunes is installed, it registers itself with the host Operating System as a protocol handler for several application URL schemes. A buffer overflow...

9.3CVSS7.7AI score0.28815EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2009/03/30 12:0 a.m.•71 views

HP OpenView Network Node Manager Multiple Parameters Buffer Overflow (CVE-2009-0920; CVE-2009-0921)

The Network Node Manager NNM is an HP OpenView product which manages networks.It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. Multiple buffer overflow vulnerabilities were reported in HP OpenView...

10CVSS7.5AI score0.7494EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2022/03/13 12:0 a.m.•70 views

WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)

An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

5CVSS3.2AI score0.8093EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2021/08/26 12:0 a.m.•70 views

Omron CX-One Stack Buffer Overflow (CVE-2020-27261)

A stack-based overflow exists in the CX-Position module of OMRON CX-One. The vulnerability is due to input validation error when processing NCI configuration files...

6.8CVSS4.1AI score0.07612EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/03/28 12:0 a.m.•70 views

Linear eMerge Arbitrary File Upload (CVE-2019-7257)

A vulnerability exists in Linear eMerge E3 devices. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7.5CVSS5.3AI score0.69992EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•70 views

Apache Druid Remote Code Execution (CVE-2021-25646)

A remote code execution vulnerability exists in Apache Druid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.8AI score0.99301EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2020/12/22 12:0 a.m.•70 views

Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)

An authentication bypass vulnerability exists in TrendMicro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

10CVSS6AI score0.93249EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2020/07/07 12:0 a.m.•70 views

TCPDF Phar Insecure Deserialization (CVE-2018-17057)

A remote code execution vulnerability exists in LimeSurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS6.1AI score0.26172EPSS
Exploits7
Total number of security vulnerabilities5000