Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2010/09/28 12:0 a.m.•68 views

Microsoft Office Malformed Routing Slip Code Execution (CVE-2006-0009)

Microsoft Office is a popular productivity suit released by the Microsoft Corporation. It includes a text processor, a spreadsheet application, a presentation editor, and a number of other components. Office document files contain a common section that stores metadata such as the author,...

5.1CVSS7.1AI score0.14205EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/25 12:0 a.m.•68 views

Microsoft SQL Server CONVERT Function Buffer Overflow (MS08-040; CVE-2008-0086)

Microsoft SQL Server is a relational database management system RDBMS. Microsoft SQL Server uses Transact-SQL T-SQL, a proprietor extension to Structured Query Language SQL, for querying and modifying data and managing databases. SQL Server can be remotely accessed via the Tabular Data Stream TDS...

9CVSS8AI score0.61927EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2006/02/12 12:0 a.m.•68 views

Oracle Database Server XML Database Buffer Overflow (CVE-2003-0727)

...

2.1CVSS3.2AI score0.68395EPSS
Exploits26
Check Point Advisories
Check Point Advisories
•added 2022/09/20 12:0 a.m.•67 views

Fortinet FortiOS Improper Access Control (CVE-2018-13374)

An improper access control vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...

4CVSS4.6AI score0.38088EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/02/15 12:0 a.m.•67 views

AnyDesk Software AnyDesk GUI Remote Code Execution (CVE-2020-13160)

A remote code execution vulnerability exists in AnyDesk Software AnyDesk GUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.80551EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2021/02/01 12:0 a.m.•67 views

Laravel Ignition Remote Code Execution (CVE-2021-3129)

A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.99943EPSS
Exploits36
Check Point Advisories
Check Point Advisories
•added 2021/01/06 12:0 a.m.•67 views

KLog Server Command Injection (CVE-2020-35729)

A command injection vulnerability exists in KLog Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.8AI score0.87987EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2020/08/16 12:0 a.m.•67 views

Dolibarr Persistent Cross Site Scripting (CVE-2020-13094)

A persistent cross site scripting vulnerability exists in Dolibarr. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

3.5CVSS4.9AI score0.01145EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2020/08/12 12:0 a.m.•67 views

devcert Module Command Injection (CVE-2020-8186)

A command injection vulnerability exists in devcert module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS6AI score0.02774EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/05/10 12:0 a.m.•67 views

Liferay Portal Insecure Deserialization (CVE-2020-7961)

An insecure deserialization vulnerability exists in Liferay Portal. This vulnerability is due to improper sanitization of user-supplied data in the JSONWebServiceActionParameters class...

7.5CVSS4.1AI score0.99766EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2019/06/19 12:0 a.m.•67 views

phpMyAdmin Cross-Site Request Forgery (CVE-2019-12616)

A cross-site request forgery vulnerability exists in phpMyAdmin. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...

4.3CVSS3.7AI score0.19184EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2018/07/05 12:0 a.m.•67 views

HP Data Protector Backup Client Service Code Execution - Ver2 (CVE-2011-0922)

HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The backup agent supports various message types in its communication with clients in...

10CVSS2.7AI score0.64219EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2015/12/21 12:0 a.m.•67 views

Jenkins CI Server Commons-Collections Library Insecure Deserialization (CVE-2015-8103)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path...

7.5CVSS4.3AI score0.86829EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•67 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0040)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.30043EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/01/11 12:0 a.m.•67 views

Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal (CVE-2014-8741)

A directory traversal vulnerability exists in Lexmark MarkVision Enterprise. The vulnerability is due to an input validation issue when processing user supplied data used for writing files to the system by the GfdFileUploadServlet servlet. A remote unauthenticated attacker could exploit this...

10CVSS3.4AI score0.77198EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•67 views

Microsoft Internet Explorer createTextRange Denial of Service - Ver2 (CVE-2006-1359)

A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

6AI score0.68068EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•67 views

Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)

A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...

1.8AI score0.74405EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/12/02 12:0 a.m.•67 views

Microsoft IIS Request Header Buffer Overflow (MS10-065; CVE-2010-2730)

A code execution vulnerability exists in Microsoft Internet Information Services IIS when FastCGI is enabled. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the IIS Worker process. The vulnerability is due ...

9.3CVSS7.9AI score0.32826EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/08/01 12:0 a.m.•67 views

ISC DHCP Server Denial of Service And Buffer Overflow (CVE-2004-0460; CVE-2006-3122; CVE-2010-2156)

The Internet Software Consortium ISC DHCP server is a popular and widely used implementations of the server side of the DHCP protocol. The Dynamic Host Configuration Protocol DHCP protocol is used to centrally manage and automate the assignment of IP addresses on a network. A denial of service an...

10CVSS7.6AI score0.76412EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2021/11/28 12:0 a.m.•66 views

LibreNMS addhost Command Injection (CVE-2018-20434)

A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...

10CVSS9.2AI score0.71487EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2021/11/28 12:0 a.m.•66 views

PHP Event Calendar SQL Injection (CVE-2021-42077)

An SQL injection vulnerability exists in PHP Event Calendar. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

10CVSS10AI score0.02433EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/11/25 12:0 a.m.•66 views

BillQuick Website SQL injection (CVE-2021-42258)

An SQL injection vulnerability exists in BillQuick Website. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

6.8CVSS9.9AI score0.73269EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/02/24 12:0 a.m.•66 views

Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)

Arbitrary Command Injection Over HTTP Traffic...

10CVSS1.2AI score0.53598EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2018/07/08 12:0 a.m.•66 views

HPE Integrated Lights-Out 4 Authentication Bypass (CVE-2017-12542)

An authentication bypass vulnerability exists in HPE Integrated Lights-Out 4. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code...

10CVSS4.1AI score0.99335EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2018/06/19 12:0 a.m.•66 views

Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)

A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused due to incorrect choosing of delimiters to prevent use of the pregreplace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...

7.5CVSS5.9AI score0.81373EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•66 views

Symantec Endpoint Protection Manager Open Redirect Report-Routing Component (CVE-2016-5304)

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. A remote attacker could exploit these...

4.9CVSS4.8AI score0.04122EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/05/23 12:0 a.m.•66 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

8.3CVSS1.7AI score0.94104EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2015/03/02 12:0 a.m.•66 views

ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure (CVE-2014-7863)

An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can...

5CVSS1.4AI score0.83399EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/07/28 12:0 a.m.•66 views

Western Digital Arkeia Remote Code Execution (CVE-2014-2846)

A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...

7.5CVSS7AI score0.08828EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/11/04 12:0 a.m.•66 views

Corel PDF Fusion XPS Stack Buffer Overflow (CVE-2013-3248)

A code execution vulnerability exists in Corel PDF Fusion...

7AI score0.18483EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/10/27 12:0 a.m.•66 views

HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution (CVE-2013-4811)

A vulnerability has been reported in HP ProCurve Manager SNAC...

6.3AI score0.71293EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/08/25 12:0 a.m.•66 views

Novell ZENworks Mobile Management MDM.php Code Execution (CVE-2013-1081)

A code execution vulnerability has been reported in ZENworks' Mobile Management system...

7AI score0.68079EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2012/06/12 12:0 a.m.•66 views

Internet Explorer Col Element Remote Code Execution (MS12-037; CVE-2012-1876)

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access a non-existent object. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially...

9.3CVSS7.1AI score0.64962EPSS
Exploits27
Check Point Advisories
Check Point Advisories
•added 2012/05/14 12:0 a.m.•66 views

Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)

A command execution vulnerability has been reported in Apache Struts 2...

9.1AI score0.88829EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2011/02/08 12:0 a.m.•66 views

CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)

CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...

10CVSS7.6AI score0.89871EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2010/12/02 12:0 a.m.•66 views

Microsoft PowerPoint Legacy File Parsing Memory Corruption (MS10-088; CVE-2010-2572)

Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to an integer underflo...

9.3CVSS7.5AI score0.62598EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/08/03 12:0 a.m.•66 views

CA XOsoft Multiple Products xosoapapi.asmx Buffer Overflow (CVE-2010-1223)

CA ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, data migration, and threat management. A buffer overflow vulnerability has been...

10CVSS7.4AI score0.16755EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/02/03 12:0 a.m.•66 views

Microsoft Windows Win32k EOT Parsing Integer Overflow (MS09-065; CVE-2009-2514)

Microsoft Windows kernel, the core of the operating system, contains a device driver win32k.sys. This device driver is an important component that controls window displays, receives keyboard and device input, offers functions for graphic output devices, and provides many other valuable services...

9.3CVSS6.8AI score0.47489EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2009/12/16 12:0 a.m.•66 views

Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow (CVE-2009-3031; CVE-2009-3033)

Symantec Altiris Deployment Solution software provides tools to deploy software on desktops and servers. It runs on Windows platforms, offering Operating System OS deployment, configuration, software deployment across hardware platforms and OS types, among other tasks. This product can be used...

9.3CVSS7.5AI score0.45435EPSS
Exploits26
Check Point Advisories
Check Point Advisories
•added 2009/11/19 12:0 a.m.•66 views

Update Protection against HP Power Manager Remote Code Execution

A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System UPS. The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...

10CVSS7.5AI score0.76706EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2009/11/10 12:0 a.m.•66 views

Microsoft Office Excel Featheader Record Memory Corruption (MS09-067; CVE-2009-3129)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...

9.3CVSS7.2AI score0.85731EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2009/07/15 12:0 a.m.•66 views

ASPX Spy (CVE-2008-1436; CVE-2009-0078; CVE-2009-0079; CVE-2009-0080)

ASPX Spy, is an ASPX program that allows easy control over a compromised web server. Using this program, an attacker can upload files through the web browser and execute them. A remote attacker may exploit web application vulnerabilities that will allow him to upload the ASPX Spy tool to a target...

9CVSS7AI score0.36829EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/01/15 12:0 a.m.•66 views

Update Protection against Roundcubemail PHP Arbitrary Code Injection

A vulnerability has been identified in RoundCube Webmail, a browser-based IMAP client. The vulnerability could be triggered via a specially crafted POST request to compromise a vulnerable web server...

10CVSS6.2AI score0.54003EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2007/02/13 12:0 a.m.•66 views

Sun Solaris Telnet Service Unauthorized Remote Login (CVE-2007-0882)

A vulnerability has been reported in Sun Solaris telnet daemon. The vulnerability is due to an error in the Sun Solaris telnet daemon in.telnetd that fails to properly validate authentication information prior to passing it to the 'login' process. An attacker can exploit this flaw to bypass...

10CVSS6.8AI score0.97848EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2022/11/13 12:0 a.m.•65 views

D-Link Central WiFiManager CWM-100 Remote Code Execution (CVE-2019-13372)

A remote code execution vulnerability exists in D-Link Central WiFiManager CWM-10. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.80682EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/11/10 12:0 a.m.•65 views

Part-DB Project Unrestricted File Upload (CVE-2022-0848)

An unrestricted file upload vulnerability exists in Part-DB Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5AI score0.35436EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•65 views

Advantech iView Command Injection (CVE-2022-2143)

A command injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation of the backupfilename parameter while updating NetworkServlet database...

3.3AI score0.59184EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/10/06 12:0 a.m.•65 views

Craft CMS Command Injection (CVE-2020-9757)

A Command Injection vulnerability exists in Craft CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.7AI score0.73434EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2021/11/17 12:0 a.m.•65 views

Stivasoft Fundraising Script SQL Injection (CVE-2020-22223; CVE-2020-22225; CVE-2020-22226)

An SQL injection vulnerability exists in Stivasoft Fundraising Script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS9.9AI score0.01096EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/11/16 12:0 a.m.•65 views

PlaySMS index.php Remote Code Execution (CVE-2020-8644)

A remote code execution vulnerability exists in PlaySMS. Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS9.5AI score0.86689EPSS
Exploits6
Total number of security vulnerabilities5000