Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2010/06/27 12:0 a.m.•27 views

Oracle Database SQL Compiler Access Control Security Bypass (CVE-2007-3855)

There exists a security bypass vulnerability in the Oracle Database Server product. Specifically, the flaw exists due to improper enforcement of user permissions on data access to tables through certain types of views. A remote authenticated attacker may use this vulnerability to perform UPDATE,...

6.5CVSS5.9AI score0.15815EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2010/05/31 12:0 a.m.•27 views

Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)

ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on the Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and...

5CVSS5.8AI score0.37158EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/05/20 12:0 a.m.•27 views

Microsoft Excel Malformed Filter Records Handling Code Execution (MS07-023; CVE-2007-1214)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

6.8CVSS7.2AI score0.28478EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/04/27 12:0 a.m.•27 views

IBM Lotus Notes WPD Attachment Handling Buffer Overflow (CVE-2008-4564)

Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over the SMTP, POP, and IMAP protocols. A stack-based buffer overflow vulnerability exists in the IBM Lotus Notes WPD. Th...

9.3CVSS7.7AI score0.06757EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/04/13 12:0 a.m.•27 views

Microsoft SMB Client Message Size Remote Code Execution (MS10-020; CVE-2010-0477)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation. The vulnerability is due to an error in the Microsoft SMB client...

10CVSS7.2AI score0.50186EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/03/17 12:0 a.m.•27 views

CA Multiple Products HTTP Request Buffer Overflow (CVE-2005-3190)

The Computer Associates CA BrightStor backup server product line provides facilities for integration with third party software and hardware products to consolidate storage management tasks. CA uses an XML-based interface named iSponsor/iGateway to integrate with storage management applications fr...

7.5CVSS7.7AI score0.65615EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2010/03/11 12:0 a.m.•27 views

QuickTime-Darwin Denial of Service (CVE-2004-0169)

A vulnerability exists in the Quicktime Streaming Server and Darwin Streaming Server that allows remote users to cause a denial of service condition on the server. The vulnerability can be exploited to cause the service to either crash or consume all available processor resources. The...

5CVSS6.1AI score0.03474EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/01 12:0 a.m.•27 views

Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032; CVE-2004-0209)

The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...

10CVSS7.3AI score0.62054EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2010/02/25 12:0 a.m.•27 views

Internet Explorer CSS Strings Parsing Memory Corruption (MS07-045; CVE-2007-0943)

Microsoft Internet Explorer IE is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The application is also capable of using Cascading Style Sheets CSS. A remote code execution...

6.8CVSS7.4AI score0.2711EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/23 12:0 a.m.•27 views

Trend Micro OfficeScan Console Authentication Buffer Overflow (CVE-2007-3454)

Trend Micro OfficeScan is a centralized virus and security scan management system. It is meant to consolidate the coordination of security scan actions and the management of Trend Micro virus scanner products installed on the nodes of an enterprise network. The product is a central command centre...

10CVSS7.7AI score0.05531EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/02/21 12:0 a.m.•27 views

CA Multiple Products gui_cm_ctrls ActiveX Control Memory Corruption (CVE-2008-1786)

CA Computer Associates provides a group of products intended for enhancing the security of enterprise as well as individual clients. A memory corruption vulnerability exists in CA Multiple Products. The issue is due to an insufficient verification of function arguments. A remote attacker could...

9.3CVSS7.2AI score0.06818EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/04 12:0 a.m.•27 views

RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of Service (CVE-2009-2533)

Helix Server is a multi media server that is designed to serve streaming and static audio and video content. Helix project, Helix Server being part of it, is intended as a largely free software/open source digital media framework that runs on numerous operating systems and processors including...

5CVSS6.3AI score0.03396EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2010/01/31 12:0 a.m.•27 views

Symantec Multiple Products VRTSweb Code Execution (CVE-2009-3027)

Symantec VERITAS Web Server VRTSweb is a shared component shipped with multiple Symantec products. VRTSweb is a Web Restore Server Component which can be used for managing Server SSL certificates, configuring SMTP notifications, managing communication ports, and other tasks. VRTSweb is developed...

10CVSS7.3AI score0.10608EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/01/17 12:0 a.m.•27 views

Symantec Norton Firewall NBNS response Remote Heap Corruption (CVE-2004-0444)

When Symantec firewalls allow incoming UDP datagrams to port 137, any inbound UDP datagrams with a source port of 137 will be treated as NetBIOS Name Service messages and will be validated and parsed. The Symantec firewall product line is vulnerable to a remote heap corruption attack in the...

10CVSS7.6AI score0.12798EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/21 12:0 a.m.•27 views

Microsoft DirectX RLE Compressed Targa Image File Heap Overflow (CVE-2006-4183)

Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. The three-dimension 3D acceleration engine of DirectX is known as Direct3D. Direct3D include texture rendering, which displays bitmap images on the surface of 3D...

6.8CVSS7.3AI score0.08163EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/15 12:0 a.m.•27 views

IBM Lotus Domino IMAP Server Buffer Overflow (CVE-2007-3510)

IBM Lotus Domino Server is a collaboration software that provides mail, messaging, calendaring and scheduling capabilities across multiple OS platforms. The product implements numerous services based on open standards, including SMTP, IMAP, and POP3. Lotus Notes is the client implementation of th...

9CVSS7.6AI score0.05033EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/12/14 12:0 a.m.•27 views

Oracle Database Server XDB PITRIG_TRUNCATE Procedure Buffer Overflow (CVE-2008-0339)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

10CVSS8.3AI score0.1453EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2009/12/07 12:0 a.m.•27 views

Novell eDirectory SOAP Handling Accept Language Header Heap Overflow (CVE-2008-4479)

Novell eDirectory is an X.500 and LDAP compatible directory service software product developed by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. The product is made available for multiple platforms including NetWare, Unix-like...

10CVSS8.3AI score0.10331EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/07 12:0 a.m.•27 views

Internet Explorer Malformed GIF File Double Free (MS04-025; CVE-2003-1048)

The Graphics Interchange Format GIF defines a file format intended for the on-line transmission and interchange of raster graphic data. It uses the LZW compression algorithm to minimize file sizes. A double free vulnerability exists in the way Microsoft Internet Explorer handles images of the GIF...

10CVSS7.1AI score0.26628EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/02 12:0 a.m.•27 views

MediaWiki Language Option PHP Code Execution (CVE-2005-4031)

MediaWiki is a web-based enterprise collaboration platform developed in the PHP scripting language. The software is a set of CGI programs that are loaded and executed by an HTTP server. It typically runs as a document management system, or a knowledge base. The web content of a MediaWiki...

7.5CVSS7.2AI score0.03226EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/25 12:0 a.m.•27 views

Novell iManager Tomcat HTTP POST Request Handling Denial of Service (CVE-2006-4517)

Novell iManager is a web-based administration console that provides management of many other Novell products. During installation, if the Windows Web Publishing Services IIS is not available, the installation program will install the Apache HTTP server. The iManager service itself is a Java web...

7.8CVSS6.4AI score0.03234EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/10 12:0 a.m.•27 views

Microsoft Office Excel SXDB Record Cache Memory Corruption (MS09-067; CVE-2009-3127)

Microsoft Excel is a popular spreadsheet application. A memory corruption vulnerability has been identified in Microsoft Excel.The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this flaw b...

9.3CVSS6.9AI score0.25075EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/11/10 12:0 a.m.•27 views

Microsoft Office Word Legacy File Remote Code Execution (MS09-068; CVE-2009-3135)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word.The vulnerability is due to an error in Microsoft Word that fails to properly parse specially crafted Word files. A remote attacker could trigger this flaw by convinci...

9.3CVSS4.4AI score0.35792EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/11/08 12:0 a.m.•27 views

Serv-U FTP Server Timezone MDTM Buffer Overflow (CVE-2004-0330)

Serv-U FTP Server is a widely-used FTP server that includes enterprise-grade features such as SSL support, ODBC and Windows NT/SAM user account management, virtual directories, compression etc. By default configuration, Serv-U FTP Server listens on 21/TCP for incoming FTP request. There exists a...

10CVSS7AI score0.8547EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/10/18 12:0 a.m.•27 views

Digium Asterisk SIP Invalid Response Code Denial of Service (CVE-2007-1594)

Asterisk is an open source software implementation of a telephone private branch exchange. Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. Asterisk supports a wide ran...

7.8CVSS6.1AI score0.02617EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/15 12:0 a.m.•27 views

Novell eDirectory Management Console Accept-Language Buffer Overflow (CVE-2009-0192)

Novell eDirectory is an X.500 and LDAP compatible directory service software product. It is developed by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. The product is made available for multiple platforms including NetWare,...

5CVSS8.3AI score0.1227EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/10/15 12:0 a.m.•27 views

Trend Micro ServerProtect TMregChange Stack Overflow (CVE-2007-4731)

Trend Micro ServerProtect offers anti-virus scanning for servers, detecting and removing viruses from files and compressed files. The product provides centralized control over a Windows-based management console for control of virus outbreaks, virus scanning, virus pattern file updates,...

10CVSS7.7AI score0.09561EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/10/14 12:0 a.m.•27 views

CA BrightStor ARCserve Backup Message Engine Insecure Methods (CVE-2007-5328)

CA BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exist unsecured Remote...

10CVSS6.9AI score0.06966EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/13 12:0 a.m.•27 views

Preemptive Protection against Microsoft GDI+ PNG Integer Overflow Vulnerability (MS09-062)

A remote code execution vulnerability has been discovered in the way that GDI+ allocates memory. The Microsoft Windows graphics device interface GDI enables applications to use graphics and formatted text on the video display and on the printer. A remote attacker may trigger this issue via a...

9.3CVSS9.3AI score0.23461EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/10/13 12:0 a.m.•27 views

Microsoft LSASS Authentication Process Integer Overflow (MS09-059; CVE-2009-2524)

LSASS provides an interface for managing local security, domain authentication, and Active Directory service processes. It handles authentication for the client and for the server. An elevation of privilege vulnerability has been discovered in the Microsoft Windows Local Security Authority...

7.8CVSS6.3AI score0.2847EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/05 12:0 a.m.•27 views

Ipswitch WhatsUp Gold DOS Device HTTP Request Denial of Service (CVE-2004-0799)

WhatsUp is a network management and monitoring application developed by Ipswitch Inc. It has a built-in web server to enable remote access to the application. A vulnerability exists in the way the web server component of Ipswitch WhatsUp Gold processes a request that contains a special device nam...

5CVSS6.2AI score0.06202EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/01 12:0 a.m.•27 views

Skype skype4com URI Handler Remote Heap Corruption (CVE-2007-5989)

Skype is a peer-to-peer Voice over IP VoIP Internet telephony network solution. The product is used to transfer real time conversations between two peers over the Internet. Skype users can speak to other Skype users, receive calls from traditional phones, and receive voice-mail messages. Peers ar...

6.8CVSS7.7AI score0.04421EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/09/22 12:0 a.m.•27 views

HP OpenView Network Node Manager ovlaunch HTTP Request Buffer Overflow (CVE-2008-4562)

HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes hundreds of optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A vulnerability exists in HP...

10CVSS7.4AI score0.08437EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/09/17 12:0 a.m.•27 views

Novell GroupWise Email Address Processing Buffer Overflow (CVE-2009-1636)

Novell GroupWise is a client-server collaborative software and email system provided by Novell. A buffer overflow vulnerability has been reported in Novell GroupWise Internet Agent GWIA software.The vulnerability is due to an error while processing specially crafted SMTP requests.Specifically, th...

10CVSS7.6AI score0.08435EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/06/28 12:0 a.m.•27 views

Sun Solaris sadmind RPC Request Buffer Overflow (CVE-2008-3869; CVE-2008-3870)

sadmind is a daemon used to control the servers running Sun Solaris operating system. A buffer overflow vulnerability was identified in the sadmind service within the Sun Solaris operating system. The vulnerability is triggered in sadmind when decoding request parameters. This can be exploited to...

10CVSS6.6AI score0.078EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/06/09 12:0 a.m.•27 views

Microsoft Works Oversized Font Buffer Overflow (MS09-024; CVE-2009-1533)

Microsoft Works is home productivity software suite with fewer features than the Microsoft Office suite.The Microsoft Works Converter allows the user to open, edit, and save files in the Microsoft Works file format. A remote code execution vulnerability has been discovered in Microsoft Works...

9.3CVSS7.2AI score0.3562EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/05/12 12:0 a.m.•27 views

Microsoft PowerPoint Converter CoCollection Record Handling Error (MS09-017; CVE-2009-0226)

Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially craft...

9.3CVSS7.3AI score0.34794EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/04/13 12:0 a.m.•27 views

Update Protection against Microsoft Windows GDIplus GpFont.SetData Integer Overflow

A vulnerability has been reported in Microsoft Windows Graphics Device Interface GDI. GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. The vulnerability occurs when an application that uses the affected...

4.3CVSS6.2AI score0.16327EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/12/09 12:0 a.m.•27 views

Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)

A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save...

8.5CVSS7AI score0.20682EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/08/12 12:0 a.m.•27 views

Microsoft Excel COUNTRY Record Parsing Memory Corruption (MS08-043; CVE-2008-3006)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel parses record values. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation when parsing record values while...

9.3CVSS7.6AI score0.35649EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/07/28 12:0 a.m.•27 views

Novell iPrint Client ActiveX Control Stack Buffer Overflow (CVE-2008-2908)

Novell iPrint is an application that enables users to install and manage printers, or submit print job from a web browser. A stack buffer overflow vulnerability has been reported in Novell iPrint Client. The vulnerability is due to a boundary error in a Novell iPrint ActiveX control. To trigger...

9.3CVSS7.2AI score0.35423EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2008/07/08 12:0 a.m.•27 views

Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download (CVE-2008-2463)

Microsoft Snapshot Viewer is an application that allows viewing of snapshots created with any version of Microsoft Access. A remote code execution vulnerability has been discovered in the Snapshot Viewer for Microsoft Access. The vulnerability is due to an error in the Snapshot Viewer ActiveX...

6.8CVSS7.3AI score0.59125EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2008/05/09 12:0 a.m.•27 views

Update Protection against HP OpenView Network Node Manager HTTP Handling Buffer Overflow Vulnerability

A buffer overflow vulnerability has been discovered in HP OpenView Network Node Manager. The Network Node Manager NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running...

10CVSS7.4AI score0.74345EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2007/07/10 12:0 a.m.•27 views

Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability

A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP VOIP protocols, including SIP. SIP Session Initiation Protocol is a protocol that can establish, modify, and terminate numerous multimed...

7.8CVSS6.2AI score0.02617EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2007/05/01 12:0 a.m.•27 views

Symantec Products SupportSoft ActiveX Control Multiple Buffer Overflows (CVE-2006-6490)

Multiple vulnerabilities have been reported in Symantec SupportSoft ActiveX controls. SupportSoft provides third party ActiveX controls used for remote assistance and other technical support functions. A remote attacker could cause the browser to crash allowing execution of arbitrary commands.The...

10CVSS8AI score0.1034EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2007/02/28 12:0 a.m.•27 views

Trend Micro OfficeScan Client ActiveX Control Buffer Overflow (CVE-2007-0325)

A vulnerability has been reported in the Trend Micro OfficeScan Client ActiveX control.OfficeScan Client is an integrated client which provides security protection for the network endpoints.A remote attacker could cause the browser to crash allowing execution of arbitrary commands.The vulnerabili...

9.3CVSS7.2AI score0.34006EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2007/01/01 12:0 a.m.•27 views

Microsoft IIS HTR Request Buffer Overflow (CVE-2002-0071)

...

7.5CVSS6.4AI score0.26054EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2006/09/14 12:0 a.m.•27 views

Update Protection against Indexing Service Cross-Site Scripting Vulnerability (MS06-053)

A cross-site scripting XSS vulnerability exists in Microsoft Windows Indexing Service. Indexing Service is a feature that supports rapid searching of file contents and properties by extracting information from files and storing it in indexes organized for fast searching. A remote attacker can...

4.3CVSS5.8AI score0.33221EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2006/07/05 12:0 a.m.•27 views

Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

JScript is Microsoft's implementation of the ECMA 262 language specification ECMAScript Edition 3. Microsoft JScript contains a memory corruption vulnerability. By convincing a user to visit a Web site or read an e-mail message containing a specially crafted JScript file, a remote attacker may be...

6.8CVSS6.4AI score0.28602EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2006/06/06 12:0 a.m.•27 views

Update Protection against Ipswitch WhatsUp Professional 2006 Multiple Vulnerabilities

WhatsUp is a tool from Ipswitch that monitors application and network. WhatsUp runs a custom web server for the application Web interface on port 8022. Multiple flaws have been identified in the server including XSS vulnerabilities, page redirection via cross site scripting and header spoofing...

5CVSS1.8AI score0.0353EPSS
Exploits0
Total number of security vulnerabilities5000