Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2018/02/18 12:0 a.m.•29 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0770)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.5AI score0.78434EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/11/12 12:0 a.m.•29 views

WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)

An authentication bypass vulnerability exists in WordPress Userpro Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

7.5CVSS8.9AI score0.27369EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/10/23 12:0 a.m.•29 views

Technicolor TD5336 Router Remote Code Execution (CVE-2017-14127)

A remote code execution vulnerability is exist in Technicolor router. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...

10CVSS5.3AI score0.02689EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/10/16 12:0 a.m.•29 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11802)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS7.8AI score0.69163EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/08/17 12:0 a.m.•29 views

Trend Micro OfficeScan Proxy.php Command Injection (CVE-2017-11394)

A command injection vulnerability exists in Trend Micro's OfficeScan. The vulnerability is due to improper validation of HTTP parameters within the Proxy.php script. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the vulnerable system...

10CVSS1.9AI score0.66774EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/08/08 12:0 a.m.•29 views

Adobe Flash Player Security Bypass (APSB17-23: CVE-2017-3085)

A security bypass vulnerability exists in Adobe Flash Player. The vulnerability is due to insufficient redirection checks when performing URL redirect. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

4.3CVSS2.8AI score0.04478EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/07/25 12:0 a.m.•29 views

MediaWiki SyntaxHighlight Option Injection (CVE-2017-0372)

A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target, potentially leading to arbitrary code execution...

7.5CVSS2.6AI score0.11653EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/07/20 12:0 a.m.•29 views

Cisco Prime Collaboration Provisioning ScriptMgr Authentication Bypass (CVE-2017-6622)

An authentication bypass vulnerability has been reported in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths when a request is sent to ScriptMgr servlet. A remote, unauthenticated attacker can exploit this vulnerability by sending ...

10CVSS2.3AI score0.6217EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•29 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0259)

An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the Windows kernel improperly initializing objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...

1.9CVSS5.2AI score0.09659EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•29 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0220)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...

1.9CVSS4.7AI score0.07464EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•29 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0167)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...

2.1CVSS5.6AI score0.05587EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•29 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0090)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

9.3CVSS8.5AI score0.42546EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•29 views

Microsoft Windows DirectShow Information Disclosure (MS17-021: CVE-2017-0042)

An information disclosure vulnerability exists in Windows DirectShow. The vulnerability is due to the way Windows DirectShow handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

2.6CVSS4.5AI score0.29524EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•29 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0086)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.42546EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/08 12:0 a.m.•29 views

OpenSSH sshd auth_passwd Denial of Service (CVE-2016-6515)

A denial of service vulnerability has been discovered in OpenSSH. The vulnerability is due to not limiting the password length during authentication of users in the authpasswd module. A remote, unauthenticated attacker could exploit this vulnerability by supplying a specially crafted password as...

7.8CVSS3.5AI score0.58568EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/12/18 12:0 a.m.•29 views

HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)

An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet...

7.5CVSS3.5AI score0.15618EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•29 views

Microsoft Edge Memory Corruption (MS16-145: CVE-2016-7286)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption...

7.6CVSS8AI score0.68884EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•29 views

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7224)

Multiple elevation of privilege vulnerabilities exist in the Windows VHDMP kernel driver. The vulnerability is due to the way driver fails to properly handle user access to certain files. An attacker can exploit this vulnerability by gaining access to the local system and executing a specially...

3.6CVSS6.5AI score0.04105EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/10/13 12:0 a.m.•29 views

Adobe Reader Memory Corruption (APSB16-33: CVE-2016-6974; CVE-2016-6975; CVE-2016-6976; CVE-2016-6977)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3AI score0.05038EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/10/11 12:0 a.m.•29 views

Microsoft Office Memory Corruption (MS16-121: CVE-2016-7193)

A buffer overflow vulnerability exists in the Word's RTF parser. The vulnerability is due to invalid parsing of RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system...

9.3CVSS8.2AI score0.57705EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/10/11 12:0 a.m.•29 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-119: CVE-2016-7190)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Chakra JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.3AI score0.66919EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/10 12:0 a.m.•29 views

Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)

An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...

10CVSS9.4AI score0.13268EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•29 views

Microsoft Internet Explorer Memory Corruption (MS16-084 : CVE-2016-3259)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in...

9.3CVSS8.8AI score0.36361EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•29 views

Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3207)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.17401EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•29 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (MS16-051: CVE-2016-0187)

A use-after-free vulnerability was detected in Microsoft Internet Explorer in the handling of BooleanProtoObj objects. The underlying vulnerability lies in jscript!JSONStringifyArray where a previously released object is reused...

7.6CVSS0.8AI score0.21591EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/12/15 12:0 a.m.•29 views

Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)

A security bypass vulnerability exists in Skype for Business and Lync Servers. The vulnerability is due to improper sanitizing of specially crafted content. A remote attacker could trigger this flaw by convincing a victim to open an instant message session and then send that user a message...

4.3CVSS6.2AI score0.12811EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/12/02 12:0 a.m.•29 views

Labtam ProFTP Client Banner Buffer Overflow (CVE-2009-3976)

Labtam ProFTP is vulnerable to a buffer overflow, caused by improper bounds checking. A remote attacker could exploit this vulnerability via an overly long welcome message to overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the service to crash...

5.8AI score0.28277EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/11/10 12:0 a.m.•29 views

Microsoft Internet Explorer Information Disclosure (MS15-112: CVE-2015-6086)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

4.3CVSS2.1AI score0.26037EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2015/11/10 12:0 a.m.•29 views

Microsoft Windows Winsock Elevation of Privilege (MS15-119: CVE-2015-2478)

An elevation of privilege vulnerability exists in Windows Winsock. The vulnerability is due to an error in the way windows kernel verifies memory address. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted code...

7.2CVSS6.3AI score0.0189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/11/01 12:0 a.m.•29 views

IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection (CVE-2015-1938)

A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1331 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...

10CVSS7.8AI score0.05527EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/08/11 12:0 a.m.•29 views

Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2458)

Remote code execution vulnerabilities exist in Microsoft Windows. The vulnerability is due to an error in the way Microsoft Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. A remote attacker can exploit this issue by enticing a victim to open a specially...

9.3CVSS4.3AI score0.32351EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/07/14 12:0 a.m.•29 views

Microsoft Internet Explorer Memory Corruption (MS15-065: CVE-2015-2372)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.20243EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/14 12:0 a.m.•29 views

HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)

...

8.5CVSS8.3AI score0.86396EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2015/05/25 12:0 a.m.•29 views

Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3062; CVE-2015-3060)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...

10CVSS7AI score0.09917EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•29 views

Novell GroupWise Internet Agent iCalendar Parsing Denial of Service - Ver2 (CVE-2011-3827)

A denial-of-service vulnerability has been reported in Novell GroupWise Internet Agent. The vulnerability is due to insufficient validation of certain data when parsing a received iCalendar message. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted...

4.3CVSS4.6AI score0.03694EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•29 views

Novell CASA PAM Module Stack Buffer Overflow - Ver2 (CVE-2006-0736)

A buffer overflow vulnerability has been reported in Novell's CASA. The vulnerability is due to a boundary error in the CASA PAM handler 'pammicasa' authentication module. A remote attacker can exploit this vulnerability by gaining root access to any machine with CASA installed...

10CVSS3.9AI score0.06891EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•29 views

MySQL yaSSL Certificate Packet Stack Overflow - Ver2 (CVE-2009-4484)

A buffer overflow vulnerability has been reported in MySQL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

7.5CVSS5.3AI score0.69552EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•29 views

Microsoft Excel Sheet Name Memory Corruption - Ver2 (CVE-2007-3490)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

7.5CVSS3.8AI score0.36551EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•29 views

WebGate WESPSDK WESPDiscovery Stack Buffer Overflow (CVE-2015-2100)

A code execution vulnerability exists in WebGate WESPSDK that is shipped with multiple WebGate products. The vulnerability is due to a stack buffer overflow in the TCPDiscovery and TCPDiscovery2 methods of the WESPDiscovery.WESPDiscoveryCtrl ActiveX control. A remote attacker could exploit this...

6.8CVSS3.9AI score0.02929EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•29 views

Internet Explorer HTML Tag Memory Corruption (MS06-013) - Ver2 (CVE-2006-1188)

Microsoft Internet Explorer IE is the most widely used web browser application today. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There are numerous versions of the HTML standard that are interpreted by the...

7.5CVSS7.3AI score0.57234EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/16 12:0 a.m.•30 views

AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

7.5CVSS4AI score0.01954EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/10 12:0 a.m.•29 views

Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0056)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.15525EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/03/10 12:0 a.m.•29 views

Microsoft Word Local Zone Remote Code Execution (MS15-022; CVE-2015-0097)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...

9.3CVSS4.8AI score0.40942EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•29 views

ActiveBar ActiveX Method Arbitrary File Write - Ver2 (CVE-2007-3883)

An Overwrite Files vulnerability has been reported in The Data Dynamics ActiveBar ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to create or overwrite files via a full pathname in the second argument to the Save method, or the first argument to the...

5.1CVSS6.2AI score0.082EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•29 views

CA ARCserve Backup DB Engine Denial of Service - Ver2 (CVE-2008-4399)

CA ARCserve Backup products offer data protection for distributed servers, clients,databases and applications. They provide centralized control over a series of distributed operationsincluding Backup and Restore, Data Migration, and Threat Management. There exists a denial of service vulnerabilit...

5CVSS6.3AI score0.08232EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•29 views

RealNetworks HELIX Server Denial of Service - Ver2 (CVE-2004-0389)

A denial-of-service vulnerability has been reported in Realnetworks Helix Universal Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

7.8CVSS5AI score0.52489EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•29 views

InterNetNews Control Message Handling Buffer Overflow - Ver2 (CVE-2004-0045)

The InterNetNews package INN is a complete Usenet system. It includes innd, an NNTP server, and nnrpd, a newsreading server. A vulnerability exists in the NNTP server component of InterNetNews INN, which can be exploited to compromise a vulnerable system. The vulnerability is caused due to a...

7.5CVSS6.7AI score0.08622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•29 views

Microsoft Exchange Server Outlook Web Access URL Redirection (MS14-075; CVE-2014-6336)

A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange when Microsoft Outlook Web Access OWA fails to properly validate redirection tokens. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

3.5CVSS6.1AI score0.07072EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•29 views

Microsoft ASP.NET MVC Cross-Site Scripting (MS14-059; CVE-2014-4075)

A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due to the way ASP.NET MVC encodes user input. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to follow a malicious link...

4.3CVSS5.8AI score0.2016EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/10 12:0 a.m.•29 views

Joomla Component com_rsfiles Directory traversal (CVE-2007-4504)

A directory traversal vulnerability has been reported in Joomla ComRsfiles. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

5CVSS5.3AI score0.09491EPSS
Exploits0
Total number of security vulnerabilities5000