Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/10/06 12:0 a.m.•64 views

Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)

A remote code execution vulnerability has been reported in ForemanRed Hat OpenStack. The vulnerability is due to improper sanitization of certain parameters. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation would allow an...

6CVSS7.7AI score0.24782EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•64 views

Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)

A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...

10CVSS6.8AI score0.73929EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•64 views

Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)

A buffer overflow vulnerability exists in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability may lead to memory corruption in such a way that will allow code execution in the context of the current user...

8.7AI score0.74096EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2010/05/09 12:0 a.m.•64 views

Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution (MS06-037; CVE-2006-1308)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

9.3CVSS7.5AI score0.09278EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/28 12:0 a.m.•64 views

Microsoft Excel Malformed Range Code Execution (MS06-012; CVE-2005-4131)

Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...

6.8CVSS7.3AI score0.31108EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/02/27 12:0 a.m.•64 views

Update Protection against UltraVNC VNCViewer Authenticate Buffer Overflow

A buffer overflow vulnerability was reported in multiple Virtual Network Computing VNC based applications. Virtual Network Computing VNC is a graphical desktop sharing technology desigend to remotely control another computer. The flaw is due to improper validation of length value in network...

10CVSS6.7AI score0.13334EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2008/11/11 12:0 a.m.•64 views

Microsoft Visual Basic ActiveX Controls Remote Code Execution (MS08-070; CVE-2008-3704; CVE-2008-4252; CVE-2008-4253; CVE-2008-4254; CVE-2008-4255; CVE-2008-4256)

Visual Basic is an event-driven programming language that was created by Microsoft for building stand alone Windows-based programs. Developers can use it for quickly building GUI applications. Several remote code execution vulnerabilities have been reported in Microsoft Visual Basic: CVE-2008-425...

9.3CVSS7.7AI score0.55917EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2006/07/23 12:0 a.m.•64 views

Office Files (CVE-2006-1308; CVE-2006-1540; CVE-2006-3431; CVE-2007-0934; CVE-2007-0936)

...

9.3CVSS6.4AI score0.43664EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2022/11/24 12:0 a.m.•63 views

GE MDS PulseNET XML External Entity Expansion (CVE-2018-10613)

An XML external entity expansion vulnerability exists in GE MDS PulseNET. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...

5CVSS2.1AI score0.18282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/24 12:0 a.m.•63 views

Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)

A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...

3.5CVSS1.4AI score0.72678EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/23 12:0 a.m.•63 views

Airspan AirSpot 5410 Command Injection (CVE-2022-36267)

A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5AI score0.53752EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2022/11/06 12:0 a.m.•63 views

Veeam Backup and Replication Authentication Bypass (CVE-2022-26501)

An authentication bypass vulnerability exists in Veeam Backup and Replication. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

10CVSS6.4AI score0.04278EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/08/15 12:0 a.m.•63 views

Microsoft Windows Parse Server Prototype Pollution (CVE-2022-24760)

A prototype pollution vulnerability exists in Microsoft Windows Parse Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS6.8AI score0.49081EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/04/20 12:0 a.m.•63 views

Oracle MySQL Cluster Buffer Overflow (CVE-2022-21279)

A buffer overflow vulnerability exists in Oracle MySQL. The vulnerability exists in the MySQL NDB Cluster component...

4CVSS3.7AI score0.78951EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2021/12/30 12:0 a.m.•63 views

WordPress WooCommerce Gutenberg Blocks Plugin SQL Injection (CVE-2021-32789)

An SQL injection vulnerability exists in WordPress WooCommerce Gutenberg Blocks Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

5CVSS3.8AI score0.17227EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2021/11/24 12:0 a.m.•63 views

WordPress Asgaros Forum Plugin SQL Injection (CVE-2021-24827)

An SQL injection vulnerability exists in WordPress Asgaros Forum plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS10AI score0.13285EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2021/09/24 12:0 a.m.•63 views

UDP Technology IP Camera Command Injection (CVE-2021-33544)

A command injection vulnerability exists in UDP Technology IP Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6.5CVSS8.5AI score0.95547EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2021/08/02 12:0 a.m.•63 views

WordPress BuddyPress Plugin Privilege Escalation (CVE-2021-21389)

A privilege escalation vulnerability exists in WordPress BuddyPress Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

9CVSS5.5AI score0.13882EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2021/02/07 12:0 a.m.•63 views

Ming-Soft MCMS SQL Injection (CVE-2020-23262)

An SQL injection vulnerability exists in Ming-Soft MCMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.2AI score0.01145EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/12/27 12:0 a.m.•63 views

Web Servers Directory Traversal Attempt (CVE-2020-10631; CVE-2020-13158; CVE-2020-13886; CVE-2020-3240)

A directory traversal vulnerability exists in web servers. Successful exploitation of this vulnerability could result in information disclosure or execution of arbitrary code...

8.5CVSS4.1AI score0.53524EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2020/09/21 12:0 a.m.•63 views

Microsoft Exchange Memory Corruption (CVE-2020-16875)

A memory corruption vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS8.1AI score0.47145EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2019/09/18 12:0 a.m.•63 views

ZeroMQ libzmq Buffer Overflow (CVE-2019-13132)

A buffer overflow vulnerability exists in ZeroMQ libzmq. Successful exploitation of this vulnerability could allow the execution of arbitrary code on the target machine...

7.5CVSS4.4AI score0.42464EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/10/26 12:0 a.m.•63 views

ASUSWRT LAN Backdoor Remote Command Execution (CVE-2014-9583)

A remote command execution vulnerability exists in Asuswrt. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.9AI score0.80731EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•63 views

Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032) - Ver2 (CVE-2004-0209)

The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...

10CVSS2AI score0.62054EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/07/21 12:0 a.m.•63 views

Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)

A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...

10CVSS6.7AI score0.39589EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/07/14 12:0 a.m.•63 views

AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)

Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...

10CVSS6.9AI score0.72376EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/06/09 12:0 a.m.•63 views

ISPConfig Authenticated Arbitrary PHP Code Execution (CVE-2013-3629)

A code execution vulnerability has been reported in ISPConfig. The vulnerability is due to a flaw in the /content.php script that is triggered when parsing language files. An attacker could trigger this flaw via a specially crafted language file. Successful exploitation of this vulnerability coul...

6.5CVSS8.9AI score0.43103EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•63 views

Microsoft Windows Cinepak Codec Remote Code Execution (MS10-055) - Ver2 (CVE-2010-2553)

The Cinepak codec is a media encoder and decoder supported by the Windows Media Player. A remote code execution vulnerability has been reported in the way the Cinepak codec handles supported format files. The vulnerability is due to an error in the Cinepak codec that fails to properly handle...

9.3CVSS7.2AI score0.30895EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•63 views

Internet Explorer Option Element Memory Corruption (MS11-081) - Ver2 (CVE-2011-1996)

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer attempts to access objects that have not been initialized or have been deleted. A remote attacker could trigger this vulnerability by enticing an...

9.3CVSS7.2AI score0.60456EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•63 views

Microsoft Embedded OpenType Font Parser Directory Entry Code Execution - Ver2 (CVE-2009-2514)

A code execution vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.3AI score0.47489EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•63 views

Microsoft DirectX Crafted MJPEG Stream Handling Code Execution - Ver2 (CVE-2008-0011)

A code execution vulnerability has been reported in Microsoft DirectX application framework. The vulnerability is due to the way DirectX handles specially crafted MJPEG streams. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted ASF or AVI file,...

7.2AI score0.31589EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/12/31 12:0 a.m.•63 views

Cisco Prime Data Center Network Manager FileUploadServlet Arbitrary File Upload (CVE-2013-5486; CVE-2019-1620)

An arbitrary file upload vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadServlet when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to...

10CVSS9.4AI score0.8378EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2013/12/02 12:0 a.m.•63 views

Nagios statuswml.cgi Command Execution (CVE-2009-2288)

An arbitrary command execution vulnerability has been reported in Nagios...

6.8AI score0.83453EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2013/10/15 12:0 a.m.•63 views

Sophos Web Protection Appliance sblistpack Arbitrary Command Execution (CVE-2013-4983)

A command injection vulnerability has been reported in Sophos Web Protection Appliance. The vulnerability is due to sblistpack component, reachable from the web interface without authentication. An unauthenticated remote attacker could execute arbitrary OS commands on the Sophos appliance...

10CVSS7.8AI score0.90133EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2013/03/21 12:0 a.m.•63 views

VMware OVF Tool Format String Vulnerability (CVE-2012-3569)

A format string vulnerability has been reported in VMware OVF Tool...

6.3AI score0.47719EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2012/06/12 12:0 a.m.•63 views

Internet Explorer Same ID Property Remote Code Execution (MS12-037; CVE-2012-1875)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object that has been deleted. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a...

9.3CVSS7.6AI score0.61655EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2011/08/23 12:0 a.m.•63 views

7T Interactive Graphical SCADA System Arbitrary File Execution (CVE-2011-1566)

A file execution vulnerability has been reported in 7T Interactive Graphical SCADA System IGSS. 7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to execute...

10CVSS7.2AI score0.66982EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2010/05/12 12:0 a.m.•63 views

Oracle Database DBMS_JVM_EXP_PERMS System Command Execution (CVE-2010-0866; CVE-2010-0867)

Oracle Database server is an enterprise-level relational database application suite. A privilege escalation vulnerability exists in Oracle Database server that can allow users with limited privileges to execute arbitrary operating system commands on a target server. The vulnerability is due to an...

6.5CVSS7.3AI score0.1125EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2022/05/17 12:0 a.m.•62 views

Kaseya Unitrends Backup Remote Code Execution (CVE-2017-12478)

A remote code execution vulnerability exists in Kaseya Unitrends Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS6AI score0.78269EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2021/12/08 12:0 a.m.•62 views

Grafana Directory Traversal (CVE-2021-43798)

A directory traversal vulnerability exists in Grafana. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

5CVSS5.5AI score0.88849EPSS
Exploits44
Check Point Advisories
Check Point Advisories
•added 2021/03/22 12:0 a.m.•62 views

F5 BIG-IP Remote Code Execution (CVE-2021-22986; CVE-2021-22987; CVE-2022-1388)

A remote code execution vulnerability exists in F5 BIG-IP devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS6AI score0.99956EPSS
Exploits79
Check Point Advisories
Check Point Advisories
•added 2020/12/06 12:0 a.m.•62 views

PHP-Fusion downloads.php Privilege Escalation (CVE-2020-24949)

A privilege escalation vulnerability exists in PHP-Fusion. The vulnerability is due to insufficient validation of HTTP request parameters in downloads.php...

9CVSS2.5AI score0.67289EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2020/06/08 12:0 a.m.•62 views

VMware Cloud Director Remote Code Execution (CVE-2020-3956)

A remote code execution vulnerability exists in VMware Cloud Director. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.8AI score0.211EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2020/03/26 12:0 a.m.•62 views

Horde Groupware PHP File Inclusion (CVE-2020-8866)

A file inclusion vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4CVSS3.7AI score0.09579EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2020/02/11 12:0 a.m.•62 views

Advantech WebAccess Buffer Overflow (CVE-2019-13556)

A stack-based buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within giffconv.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a...

6.5CVSS4.6AI score0.02123EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/09/26 12:0 a.m.•62 views

Jenkins Git Client Plugin Remote Code Execution (CVE-2019-10392)

A remote code execution vulnerability exists in Jenkins Git Client Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.5AI score0.25779EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/05/24 12:0 a.m.•62 views

NETGEAR DGN2200 Remote Code Execution (CVE-2017-5521; CVE-2017-6077)

A remote code execution vulnerability has been reported in NETGEAR DGN2200 routers. Successful exploitation could lead to arbitrary code execution...

10CVSS5.7AI score0.89294EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2018/05/13 12:0 a.m.•62 views

Dasan GPON Router Authentication Bypass (CVE-2018-10561)

An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

7.5CVSS5.7AI score0.92887EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/04/23 12:0 a.m.•62 views

VIPA Controls WinPLC7 recv Stack-based Buffer Overflow (CVE-2017-5177)

A stack-based buffer overflow exists in VIPA Controls WinPLC7. The vulnerability is due to improper validation of a length field within received TCP packet data before copying the contents to a stack-based buffer. A remote attacker could exploit this vulnerability by sending maliciously crafted...

5CVSS4.4AI score0.17711EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/10/05 12:0 a.m.•62 views

Tuleap PHP Unserialize Code Execution (CVE-2014-8791)

This module exploits a PHP object injection vulnerability. Tuelap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...

6CVSS7.5AI score0.14766EPSS
Exploits7
Total number of security vulnerabilities5000