Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•71 views

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

9CVSS7.4AI score0.66592EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2010/05/17 12:0 a.m.•71 views

Multiple Vendors RPC librpc.dll Stack Buffer Overflow (CVE-2009-2754)

Remote Procedure Call RPC is a protocol that a program can use to request a service from a program located on another computer in a network. The librpc.dll handles the RPC protocol parsing. A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The...

10CVSS7.7AI score0.40321EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/05/13 12:0 a.m.•71 views

Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation (CVE-2010-0866; CVE-2010-0867)

Oracle Database Server is an enterprise-level relational database application suite. A vulnerability exists in Oracle Database 11g server that could allow users with limited privileges to execute SQL commands with System privileges on the server. The vulnerability is due to an access control...

6.5CVSS7.4AI score0.1125EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/05/06 12:0 a.m.•71 views

Internet Explorer DHTML Objects Memory Corruption (MS07-069; CVE-2007-5347)

Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...

6.8CVSS7.5AI score0.28032EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/01 12:0 a.m.•71 views

Apple iTunes Protocol Handler Stack Buffer Overflow (CVE-2009-0950)

Apple iTunes is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files. When iTunes is installed, it registers itself with the host Operating System as a protocol handler for several application URL schemes. A buffer overflow...

9.3CVSS7.7AI score0.28815EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2009/03/30 12:0 a.m.•71 views

HP OpenView Network Node Manager Multiple Parameters Buffer Overflow (CVE-2009-0920; CVE-2009-0921)

The Network Node Manager NNM is an HP OpenView product which manages networks.It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. Multiple buffer overflow vulnerabilities were reported in HP OpenView...

10CVSS7.5AI score0.7494EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2022/04/04 12:0 a.m.•70 views

WordPress Remote Code Execution (CVE-2021-44223)

A remote code execution vulnerability exists in WordPress. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.28983EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/03/13 12:0 a.m.•70 views

WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)

An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

5CVSS3.2AI score0.8093EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2021/12/30 12:0 a.m.•70 views

Schneider Electric Struxureware Data Center Expert Command Injection (CVE-2021-22795)

A command-injection vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...

7.5CVSS2.8AI score0.03083EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/03/28 12:0 a.m.•70 views

Linear eMerge Arbitrary File Upload (CVE-2019-7257)

A vulnerability exists in Linear eMerge E3 devices. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7.5CVSS5.3AI score0.69992EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•70 views

Apache Druid Remote Code Execution (CVE-2021-25646)

A remote code execution vulnerability exists in Apache Druid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.8AI score0.99301EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2020/12/22 12:0 a.m.•70 views

Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)

An authentication bypass vulnerability exists in TrendMicro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

10CVSS6AI score0.93249EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2020/07/07 12:0 a.m.•70 views

TCPDF Phar Insecure Deserialization (CVE-2018-17057)

A remote code execution vulnerability exists in LimeSurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS6.1AI score0.26172EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2018/04/11 12:0 a.m.•70 views

PHPMailer Local Information Disclosure (CVE-2017-5223) - Ver2

An information disclosure vulnerability exists in PHPMailer. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

2.1CVSS2AI score0.02161EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•70 views

Command Injection - Ver2 (CVE-2007-3010)

...

10CVSS6.4AI score0.97759EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/10/15 12:0 a.m.•70 views

Sophos Web Protection Appliance patience.cgi Directory Traversal (CVE-2013-2641)

A directory traversal vulnerability has been reported in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. A remote attacker can exploit this issue by reading arbitary files from the filesystem. These files include configuration files containing sensitive...

5CVSS6.3AI score0.7099EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2012/12/30 12:0 a.m.•70 views

Ipswitch TFTP Server Information disclosure (CVE-2009-1730)

A directory traversal vulnerability has been reported in Ipswitch TFTP Server. The vulnerability is caused due to improper validation of certain requests. A remote attacker can exploit this issue by sending a specially crafted TFTP packet to the target. Successful exploitation would allow an...

10CVSS6.8AI score0.5451EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2010/03/22 12:0 a.m.•70 views

HP Power Manager formExportDataLogs Buffer Overflow (CVE-2009-3999)

HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS through a browser-based management console. It allows to monitor, manage, and control a single UPS locally and remotely. A buffer overflow vulnerability was reported in HP Power Manager. The vulnerabili...

10CVSS7.2AI score0.71807EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2007/03/14 12:0 a.m.•70 views

Trend Micro ServerProtect RPC Multiple Buffer Overflows (CVE-2007-1070; CVE-2007-2508; CVE-2007-4218)

Trend Micro ServerProtect is prone to multiple buffer overflow vulnerabilities. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...

10CVSS7.7AI score0.77194EPSS
Exploits57
Check Point Advisories
Check Point Advisories
•added 2006/08/13 12:0 a.m.•70 views

Microsoft Windows Server Service RPC Request Buffer Overrun (MS06-040; CVE-2006-3439)

The Server Service SRVSVC is one of the network services supplied by Microsoft. It supports file, print, and named-pipe sharing over Windows-based networks, and allows named pipe communication between applications running on distributed systems. By supplying malformed parameters to some of the AP...

10CVSS6.4AI score0.85461EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2022/11/22 12:0 a.m.•69 views

TP-Link TL-WR840N Command Injection (CVE-2022-25061)

A command injection vulnerability exists in TP-Link TL-WR840N. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.6AI score0.66934EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/17 12:0 a.m.•69 views

Necta LLC WiFi Mouse Command Injection (CVE-2022-3218)

A command injection vulnerability exists in Necta LLC WiFi Mouse. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

5.8AI score0.73475EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/11/13 12:0 a.m.•69 views

InHand Networks InRouter 900 Industrial 4G Router Command Injection (CVE-2022-27268; CVE-2022-27273; CVE-2022-27275; CVE-2022-27276)

A command injection vulnerability exists in InHand Networks InRouter 900 Industrial 4G Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS6.2AI score0.03592EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/11/10 12:0 a.m.•69 views

AtomCMS Arbitrary File Upload (CVE-2022-25487)

An arbitrary file upload vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.2AI score0.54766EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•69 views

Moxa MXView Denial of Service (CVE-2017-7456)

A denial of service vulnerability exists in Moxa MXView. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

5CVSS4.8AI score0.29293EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/10/30 12:0 a.m.•69 views

Advantech iView SQL Injection (CVE-2022-2135)

A SQL injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation for the segment parameter in the findCfgDeviceList process...

3.9AI score0.10085EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/02/23 12:0 a.m.•69 views

Monitorr Remote Code Execution (CVE-2020-28871)

A remote code execution vulnerability exists in Monitorr. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.6AI score0.85785EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2021/01/20 12:0 a.m.•69 views

Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)

A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.6AI score0.96049EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2020/12/06 12:0 a.m.•69 views

Microsoft Windows Uniscribe Memory Corruption (CVE-2010-2738)

A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to improper input validation of a table in the TrueType font layout. Remote attacker could trigger this flaw by enticing a user to open a specially crafted TTF file. Successful exploitation could result in a...

9.3CVSS3.3AI score0.18537EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2020/08/17 12:0 a.m.•69 views

Roundcube Webmail Command Injection (CVE-2020-12641)

A command injection vulnerability exists in Roundcube Webmail . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.7AI score0.84456EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/08/05 12:0 a.m.•69 views

Opmantek Open-AudIT Command Injection (CVE-2020-12078)

A command injection vulnerability exists in Open-AudIT. The vulnerability is due to insufficient input validation in discoverieshelper.php. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...

9CVSS3.9AI score0.09999EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2019/05/13 12:0 a.m.•69 views

Jenkins Ansible Tower Plugin Information Disclosure (CVE-2019-10310)

A cross-site request forgery vulnerability exists in Jenkins Ansible Tower Plugin. Successful exploitation of this vulnerability could lead to disclosure of credentials stored in Jenkins server...

6.8CVSS2.5AI score0.01525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/05/12 12:0 a.m.•69 views

Barco EOM Presentation platform Remote Code Execution (CVE-2019-3929)

A command injection vulnerability exists in several IoT devices. Successful exploitation results in the execution of arbitrary commands on the targeted device...

10CVSS4.2AI score0.98952EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2019/04/30 12:0 a.m.•69 views

Apache Pluto Chat Room Demo Portlet Persistent Cross-Site Scripting (CVE-2019-0186)

A cross site scripting vulnerability exists in Apache Pluto. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...

4.3CVSS6.1AI score0.20649EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2019/01/29 12:0 a.m.•69 views

JBoss Seam 2 Framework Remote Code Execution (CVE-2010-1871)

An Arbitrary File Upload vulnerability exists in JBoss Seam 2 Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.1AI score0.83397EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2018/11/28 12:0 a.m.•69 views

Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)

A SQL injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to insufficient validation of user input. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.4AI score0.80539EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2018/05/02 12:0 a.m.•69 views

Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization (CVE-2017-15089)

An insecure deserialization vulnerability exists in the Hotrod client that ships with Red Hat JBoss Data Grid. This vulnerability is due the Hotrod client unsafely reading serialized data from the JBoss Data Grid cache...

6.5CVSS1.6AI score0.02881EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/22 12:0 a.m.•69 views

LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow (CVE-2016-9941)

A heap-based buffer overflow has been reported in LibVNCServer LibVNCClient. The vulnerability is due to improper handling of FramebufferUpdate messages with specially crafted rectangles. A remote attacker could exploit this vulnerability by enticing a user to connect to a malicious VNC server an...

7.5CVSS2.6AI score0.03732EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•69 views

Symantec Endpoint Protection Manager Cross Site Request Forgery (CVE-2016-3653)

A Cross Site Request Forgery vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could...

6CVSS3.2AI score0.01342EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•69 views

Piwigo Photo Gallery Project install script Directory Traversal - Ver2 (CVE-2013-1469)

A directory traversal vulnerability has been reported in Piwigo. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

4CVSS4.5AI score0.56011EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/06/10 12:0 a.m.•69 views

Microsoft Visio Packed Object Parsing Memory Corruption - ver 2 (CVE-2007-0936)

A remote code-execution vulnerability has been reported in Microsoft Visio. The vulnerability is due to incorrectly handling the parsing of a packed object. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Visio file, potentially causing...

9.3CVSS6.6AI score0.30914EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/12/10 12:0 a.m.•69 views

Portable Executable Files With Weak Encryption (CVE-2013-3900)

Portable Executable PE files can contain encrypted data. PE files with weak data encryption can be decrypted to manipulate the data. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS...

7.6CVSS7.3AI score0.44647EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/09/22 12:0 a.m.•69 views

HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)

A command injection vulnerability exists in HP SiteScope SOAP component...

7AI score0.68895EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2009/12/30 12:0 a.m.•69 views

HP Operations Manager Server Unauthorized File Upload (CVE-2009-3548; CVE-2009-3843; CVE-2009-4189)

HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. It monitors both physical and virtual servers to identify the root cause of event storms, allowing faster time to...

10CVSS7.9AI score0.78995EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2009/10/27 12:0 a.m.•69 views

Novell GroupWise Messenger Accept-Language Header Buffer Overflow (CVE-2006-0992)

Novell GroupWise Messenger is a corporate instant messaging solution targeted towards medium to large enterprise organizations. It facilitates secure communications and policy-based management through Novell's eDirectory product suite. The product is based on a client server model where messaging...

10CVSS7.6AI score0.72833EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2022/04/14 12:0 a.m.•68 views

Lantronix PremierWave 2050 Multiple Vulnerabilities (CVE-2021-21872; CVE-2021-21873; CVE-2021-21874; CVE-2021-21875; CVE-2021-21881; CVE-2021-21882; CVE-2021-21883; CVE-2021-21884; CVE-2021-21888)

Multiple vulnerabilities exist in Lantronix PremierWave 2050. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.4AI score0.37064EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•68 views

Ffay Lanproxy Directory Traversal (CVE-2021-3019)

A directory traversal vulnerability exists in Ffay Lanproxy. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

5CVSS5.5AI score0.18982EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/02/01 12:0 a.m.•68 views

Laravel Ignition Remote Code Execution (CVE-2021-3129)

A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.99943EPSS
Exploits36
Check Point Advisories
Check Point Advisories
•added 2020/12/16 12:0 a.m.•68 views

Aerospike Community Remote Code Execution (CVE-2020-13151)

A remote code execution vulnerability exists in Aerospike Community. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.7AI score0.86749EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2020/03/01 12:0 a.m.•68 views

Harbor Container Registry Privilege Escalation (CVE-2019-16097)

A Privilege Escalation vulnerability exists in Harbor Container Registry. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

4CVSS4.1AI score0.23284EPSS
Exploits5
Total number of security vulnerabilities5000