Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/07/21 12:0 a.m.•26 views

Symantec Web Gateway Multiple PHP Pages Cross Site Scripting (CVE-2014-1652)

A cross-site scripting vulnerability exists in Symantec Web Gateway. Successful exploitation could result in attacker-controlled script code being executed in the browser context of the Symantec Web Gateway management console. The vulnerability is due to improper validation of "variable",...

2.3CVSS1.6AI score0.01702EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/06/10 12:0 a.m.•26 views

Advantech WebAccess SQL Injection Information Disclosure (CVE-2014-0763)

Multiple vulnerabilities have been reported in Advantech WebAccess. A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server...

6.7AI score0.19243EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•26 views

Microsoft SharePoint Cross-site Scripting (MS14-022; CVE-2014-1754)

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...

6.1AI score0.11073EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•26 views

Microsoft SMB Client Transaction Memory Corruption - Ver2 (CVE-2010-0270)

A memory corruption vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the Microsoft SMB client implementation that fails to properly validate fields in the SMB response. Successful exploitation of this vulnerability could allow a remote attacker to...

10CVSS7.1AI score0.48188EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•26 views

Lenovo Veriface III Plain Image Authentication Bypass - Ver2 (CVE-2009-0655)

An authentication bypass vulnerability has been reported in Lenovo Veriface III. Successful exploitation of this vulnerability could allow a remote attacker to bypass login authentication and gain unauthorized access to the vulnerable system...

6.8AI score0.00397EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•26 views

Apple Quicktime RTSP URL Buffer Overflow - Ver2 (CVE-2007-0015)

Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying still image files as well as numerous audio and video formats. It also provides libraries and plugins for other applications, such as browsers, to read QuickTime media...

6.8CVSS7.8AI score0.48419EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•26 views

Google Android Vold Volume Manager Integer Wrap Root Exploit Privilege Escalation - Ver2 (CVE-2011-1823)

A privilege escalation vulnerability has been reported in Google Android Operating System. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

7.2CVSS6.7AI score0.41634EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/04/16 12:0 a.m.•26 views

Microsoft Excel SST Invalid Length Use After Free - Ver2 (CVE-2012-1887)

A use-after-free vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to an error in Microsoft Excel while handling specially crafted Excel files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...

7.1AI score0.25099EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/04/07 12:0 a.m.•26 views

Autodesk AutoCAD Insecure Library Loading (CVE-2014-0819)

An insecure library loading vulnerability has been reported in AutoCAD. The vulnerability is due to an improper dynamic link library DLL search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an AutoCAD file from a malicio...

3.4AI score0.00428EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•26 views

GDI PNG Heap Overflow - Ver2 (CVE-2009-2501)

A buffer overflow vulnerability has been reported in GDI+. An attacker could exploit this vulnerability via a crafted PNG image file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.2AI score0.26824EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•26 views

Apple Webkit HTML Parsing Rowspan Denial of Service - Ver2 (CVE-2007-0342)

A denial-of-service vulnerability has been reported in Apple Mac OS X. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

4.3CVSS6.2AI score0.02159EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•26 views

Adobe Multiple Products PDF JavaScript Method Buffer Overflow - Ver2 (CVE-2007-5659)

A buffer overflow vulnerability has been reported in multiple Adobe products. The vulnerability is due to insufficient input validation in certain JavaScript methods. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or...

9.3CVSS7.5AI score0.94222EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/03/27 12:0 a.m.•26 views

FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow - ver 2 (CVE-2014-1452)

A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote, unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of...

5.8CVSS8AI score0.01894EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/27 12:0 a.m.•26 views

Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301)

A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...

9.3CVSS6.2AI score0.13974EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•26 views

Apache Santuario XML Security for Java DTD Denial of Service (CVE-2013-4517)

A denial of service vulnerability exists in Apache Santuario XML Security for Java. The vulnerability is due to the allowing of Document Type Definitions DTDs when validating signatures. A remote attacker can exploit this vulnerability by providing a specially crafted XML signature. Successful...

3AI score0.08863EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•26 views

Adobe Acrobat Reader customDictionaryOpen Memory Corruption - Ver2 (CVE-2009-1493)

A memory corruption vulnerability has been reported in Adobe Reader. The vulnerability is due to insufficient input validation in the implementation of the customDictionaryOpen JavaScript method. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious PD...

7.1AI score0.21826EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•26 views

Microsoft PowerPoint Converter SoundEntity Record Code Execution - Ver2 (CVE-2009-1128)

A code execution vulnerability has been reported in Microsoft Office PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafted older PowerPoint 95 formatted files. A remote attacker could exploit this vulnerability by...

7.4AI score0.27472EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/02/03 12:0 a.m.•26 views

Oracle 9i HTTP Server Web Administration Access Privilege Escalation - Ver2 (CVE-2002-0561)

A privilege escalation vulnerability has been reported in Oracle 9i Application Server. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

6.7AI score0.09666EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/03 12:0 a.m.•26 views

Comet WebFileManager CheckUpload.php Language Parameter PHP Code Execution - Ver2 (CVE-2006-4077)

A code execution vulnerability has been reported in Vincenzo Valvano Comet WebFileManager CWFM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5AI score0.03184EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/01/07 12:0 a.m.•26 views

Microsoft IIS ASP Handling Code Execution (MS08-006) - Ver2 (CVE-2008-0075)

Microsoft Internet Information Services IIS is a multi-featured server product that ships with all versions of Microsoft. The product provides FTP, SMTP, NNTP and HTTP services. The HTTP component, known as the WWW Publishing Service, allows for the serving of dynamic content, notably in the form...

10CVSS7.4AI score0.57167EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/12/22 12:0 a.m.•26 views

Sybase Multiple Products Directory Traversal (CVE-2011-2474)

A directory traversal vulnerability has been reported in multiple Sybase products...

6.5AI score0.63612EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/12/10 12:0 a.m.•26 views

Microsoft Internet Explorer Memory Corruption (MS13-097: CVE-2013-5052)

A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...

9.3CVSS7.5AI score0.1253EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/09/10 12:0 a.m.•26 views

Microsoft Internet Explorer Memory Corruption (MS13-069: CVE-2013-3203)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.23912EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/07/09 12:0 a.m.•26 views

Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3163)

A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7AI score0.70676EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/07/09 12:0 a.m.•26 views

Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3145)

A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7AI score0.25039EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/06/30 12:0 a.m.•26 views

Novell GroupWise Client ActiveX gwmim1.ocx Untrusted Pointer Dereference (CVE-2013-0804)

An untrusted pointer dereference vulnerability has been reported in the ActiveX control for Novell GroupWise Client for Windows...

6.4AI score0.12398EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/18 12:0 a.m.•26 views

WordPress Plugin Google Document Embedder Arbitrary File Disclosure (CVE-2012-4915)

A remote code execution vulnerability has been reported in Google Doc Embedder Plugin for WordPress...

5CVSS7.3AI score0.50017EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/06/11 12:0 a.m.•26 views

Internet Explorer Text Element Use After Free (MS13-047; CVE-2013-3121)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.19427EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/11 12:0 a.m.•26 views

Microsoft Internet Explorer Multiple Dom Objects Memory Corruption (MS13-047; CVE-2013-3124)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.19345EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/28 12:0 a.m.•26 views

Citadel SMTP RCPT Remote Buffer Overflow - High Confidence (CVE-2008-0394)

The Citadel Server is a mail server product geared towards small and medium size organizations. The product implements POP3, IMAP4, and SMTP services. The SMTP server module is installed and started in a default installation. There exists a buffer overflow vulnerability in Citadel SMTP Server. Th...

7.5CVSS7.7AI score0.11948EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•26 views

ACDSee FotoSlate PLP File id Parameter Overflow (CVE-2011-2595)

A parameter overflow vulnerability exists in ACDSee FotoSlate. The vulnerability is due to boundary errors in FSEngine4.dll when processing the "id" attribute certain tags. A remote attacker could trigger this flaw by tricking a victim into opening a specially crafted malicious .plp file...

6.4AI score0.6128EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/04/14 12:0 a.m.•26 views

Smart Software Solutions CoDeSys CmpWebServer Content-Length NULL Pointer (CVE-2011-5009)

Denial of service has been reported in Smart Software Solutions CoDeSys CmpWebServer.The vulnerability is due to insufficient validation of incoming HTTP POST requests to TCP port 8080.A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the affected...

5CVSS6.2AI score0.10775EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/27 12:0 a.m.•26 views

cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)

The vulnerability is due to an error in Curlsaslcreatedigestmd5message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...

7.5CVSS6.8AI score0.22913EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•26 views

Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)

An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability is due to enabling unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...

6.8CVSS9.4AI score0.93797EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•26 views

Internet Explorer CHTML Use After Free (MS13-009; CVE-2013-0029)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.30339EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/01/13 12:0 a.m.•26 views

Novell File Reporter FSFUI Arbitrary File Retrieval (CVE-2012-4958)

A file retrieval vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests, resulting in the retrieval of the contents of a file. A remote attacker can exploit this issue by sending a specially crafted request to the affected...

7.8CVSS6.4AI score0.73514EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2012/11/25 12:0 a.m.•26 views

Wireshark DECT Dissector Stack Buffer Overflow (CVE-2011-1591)

A stack buffer overflow vulnerability has been reported in Wireshark DECT dissector. The vulnerability is caused due to improper bounds checking. A remote attacker can exploit this vulnerability by enticing a user to read a specially crafted packet trace file. Successful exploitation would allow ...

9.3CVSS7.5AI score0.41744EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2012/11/13 12:0 a.m.•26 views

Microsoft Excel SerAuxErrBar Heap Overflow (MS12-076; CVE-2012-1885)

A remote code execution vulnerability has been reported in Microsoft Excel...

7.3AI score0.29287EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2012/07/23 12:0 a.m.•26 views

RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow (CVE-2012-0942)

A buffer overflow vulnerability has been reported in RealNetworks Helix Server...

6.8AI score0.04168EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2012/07/02 12:0 a.m.•26 views

Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)

An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component...

9AI score0.77633EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2012/02/14 12:0 a.m.•26 views

Microsoft Windows msvcrt.dll Media File Code Execution (MS12-013; CVE-2012-0150)

A remote code execution vulnerability has been reported in Microsoft Windows...

7.3AI score0.24272EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2011/12/06 12:0 a.m.•26 views

Oracle Outside In CorelDRAW File Parser Integer Overflow (CVE-2011-2264; CVE-2011-3541)

An integer overflow vulnerability has been reported in Oracle Outside-In. The vulnerability is due to improper bounds checking of user-supplied values while parsing malicious CorelDRAW cdr files. A remote attacker may exploit this vulnerability by sending a malicious CDR file to a target user...

4.4CVSS7AI score0.31114EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2011/11/15 12:0 a.m.•26 views

SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow (CVE-2007-5603)

An arbitrary code execution vulnerability has been reported in SonicWall SSL-VPN NetExtender. The vulnerability is due to insufficient length validation by an ActiveX control. A remote attacker may exploit this vulnerability by sending a specially crafted request to an affected service. Successfu...

9.3CVSS7.5AI score0.37981EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2011/09/27 12:0 a.m.•26 views

ESTsoft ALZip MIM File Buffer Overflow (CVE-2011-1336)

A remote code execution vulnerability has been reported in ESTsoft's ALZip. The vulnerability is due to an error while parsing MIME files. A remote attacker may exploit this vulnerability by sending a specially crafted .mim file to an affected user. Successful exploitation of this vulnerability...

9.3CVSS7.2AI score0.05539EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2011/08/23 12:0 a.m.•26 views

7T Interactive Graphical SCADA System (IGSS) Directory Traversal (CVE-2011-1565)

A directory traversal vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to read a...

10CVSS7AI score0.64063EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2011/07/05 12:0 a.m.•26 views

Uniscribe Font Parsing Engine Remote Code Excution (MS10-063; CVE-2010-2738)

This is a memory corruption vulnerability in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. Remote attacker could trigger this flaw by enticing a user to open a specially crafted TTF file. Successful...

9.3CVSS7.1AI score0.18537EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2011/06/22 12:0 a.m.•26 views

Adobe Audition Session File Stack Buffer Overflow (APSB11-10; CVE-2011-0614)

Adobe Audition formerly Cool Edit Pro is a digital audio workstation from Adobe Systems featuring both a multi-track, non-destructive mix/edit environment and a destructive-approach waveform editing view. A stack buffer overflow exists in Adobe Audition. The vulnerability is due to an error when...

9.3CVSS6.6AI score0.13711EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2011/04/27 12:0 a.m.•26 views

Microsoft Windows Media Player PNG Chunk Handling Stack Overflow (MS06-024) - High Confidence (CVE-2006-0025)

An attacker can exploit this vulnerability by enticing a user to open a crafted PNG file, resulting in the possible injection and execution of arbitrary code on the target system with the privileges of the currently logged-in user. A remote stack buffer overflow vulnerability has been discovered ...

9.3CVSS7.4AI score0.48723EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2011/02/27 12:0 a.m.•26 views

RealNetworks RealPlayer RecordClip Parameter Injection Code Execution (CVE-2010-3749)

RealNetworks RealPlayer is a cross-platform media player that supports multiple multimedia formats such as: MP3, MPEG-4, QuickTime, Windows Media, and RealAudio and RealVideo formats. RealPlayer contains many features including streaming capabilities, media browser, video download, and CD ripping...

9.3CVSS7.8AI score0.26086EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2011/02/16 12:0 a.m.•26 views

Microsoft Windows SMB mrxsmb.sys Remote Heap Overflow (CVE-2011-0654)

A heap buffer overflow vulnerability has been reported in the Microsoft Windows Server Message Block SMB implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to create a denial of service...

10CVSS7.4AI score0.68084EPSS
Exploits3
Total number of security vulnerabilities5000