Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2010/10/12 12:0 a.m.•24 views

Microsoft Internet Explorer 8 toStaticHTML API Information Disclosure (MS10-072; CVE-2010-3243)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...

4.3CVSS5.9AI score0.1572EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/10/12 12:0 a.m.•24 views

Internet Explorer CSS Special Character Information Disclosure (MS10-071; CVE-2010-3325)

CSS Cascading Style Sheets is a formatting method for Web pages using HTML. An information disclosure vulnerability has been reported in the way Microsoft Internet Explorer processes CSS special characters. The vulnerability is due to the way Internet Explorer improperly process CSS special...

4.3CVSS5.6AI score0.22441EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/08/25 12:0 a.m.•24 views

Adobe Shockwave Player IML32.dll XtcL Denial of Service (APSB10-20; CVE-2010-2869)

Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A denial of service vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due t...

9.3CVSS6.1AI score0.04674EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/08/18 12:0 a.m.•24 views

Apple QuickTime Crafted HTTP Error Response Buffer Overflow (CVE-2008-0234)

Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video stream formats, which include RSTP. There exists a buffer overflow vulnerability in Apple QuickTime application. The flaw ...

9.3CVSS7.6AI score0.12405EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/08/11 12:0 a.m.•24 views

CA BrightStor ARCserve Backup Tape Engine RPC Code Execution (CVE-2007-0168)

There exists a vulnerability in Computer Associates BrightStor ARCserve Backup products. The flaw is due to a design weakness in the processing of RPC requests sent to the Tape Engine service. A remote unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code o...

7.5CVSS7.5AI score0.19776EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/08/10 12:0 a.m.•24 views

Microsoft Word RTF Parsing Engine Memory Corruption (MS10-056; CVE-2010-1901)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to insufficient data validation by Microsoft Office Word when handling rich text data. A remote attacker could trigger this flaw by convincin...

9.3CVSS7.2AI score0.19399EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/07/28 12:0 a.m.•24 views

IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflow (CVE-2007-6593)

There is a buffer overflow vulnerability exists in IBM Lotus Notes. The vulnerability is due to a boundary error within the Lotus 1-2-3 file viewer. A remote attacker could leverage this vulnerability by enticing a target user to view the maliciously crafted email attachment. Successful attack...

8.8CVSS7.5AI score0.06301EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/07/11 12:0 a.m.•24 views

Microsoft Publisher Object Handler Validation Code Execution (MS08-027; CVE-2008-0119)

Microsoft Publisher is an application that allows users to design, layout, and format documents destined to be published in print, on the web, and various other formats. Microsoft Publisher is released as part of Microsoft Office as well as stand-alone application. Microsoft Publisher saves...

9.3CVSS7.1AI score0.30869EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/06/10 12:0 a.m.•24 views

Multiple Vendors AgentX receive_agentx Integer Overflow (CVE-2010-1319)

AgentX++ is a C++ object API written by Frank Fock. It is an implementation of the AgentX protocol which is used in multiple applications; including RealNetworks Helix Server and Helix Mobile Server. A buffer overflow vulnerability has been reported in multiple products that use the AgentX++...

10CVSS7.6AI score0.05113EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/06/08 12:0 a.m.•24 views

Microsoft Excel DBQueryExt Record Memory Pointer Corruption (MS10-038; CVE-2010-1253)

Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. A remote code execution vulnerability has been identified in Microso...

9.3CVSS7.1AI score0.25692EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/06/06 12:0 a.m.•24 views

RealNetworks Helix Server NTLM Authentication Heap Overflow (CVE-2010-1317)

Helix Server is a multi-media server that is designed to serve streaming and static audio and video content. A heap-based buffer overflow vulnerability has been reported in RealNetworks Helix Server products. The flaw is due to an error when handling Base64-encoded NTLM Authentication data. A...

7.5CVSS7.6AI score0.01617EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/05/11 12:0 a.m.•24 views

Symantec Products CLIproxy.dll ActiveX Control Buffer Overflow (CVE-2010-0108)

Symantec Antivirus and Symantec Client Security are applications designed to protect organizations from the threat of viruses, malware, and intrusion attempts. Both applications can be deployed in an enterprise network environment, and they both support an anti-virus scanning mechanism, a firewal...

10CVSS7.5AI score0.19405EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/04/13 12:0 a.m.•24 views

Update Protection against Microsoft SMB Client Transaction Memory Corruption Vulnerability (MS10-020)

A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation. The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote attacker may exploit this vulnerability to take complete control ...

10CVSS7.1AI score0.48188EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/04/07 12:0 a.m.•24 views

Gravity GTD rpc.php Malformed objectname Parameter (CVE-2008-5962; CVE-2008-5963)

Gravity GTD is an open source list manager for tracking action items according to the principles of Getting Things Done GTD. There exist multiple vulnerabilities in Gravity GTD. One attack vector could allow remote attackers to conduct directory traversal attacks and possibly read or write...

10CVSS7.8AI score0.03398EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/03/18 12:0 a.m.•24 views

Novell ZENworks Desktop Management ActiveX Control Buffer Overflow (CVE-2008-5073)

Novel ZENworks Desktop Management is a resource management solution for workstations and laptops. The product include various software components that are installed on management and managed computers. One of these software components is an ActiveX control implemented in file AxNalServer.dll. A...

9.3CVSS7.9AI score0.05312EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/01 12:0 a.m.•24 views

Microsoft TCP IP Selective Acknowledgement Denial of Service (MS10-009; CVE-2010-0242)

TCP/IP SACK is used for connections with large TCP window sizes. When SACK is enabled, if a packet or series of packets is dropped the receiver can inform the sender of exactly which data has been received and where the holes in the data are. The sender can then selectively retransmit the missing...

7.8CVSS6.1AI score0.67717EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/21 12:0 a.m.•24 views

Orbit Downloader Download Argument Processing Stack Buffer Overflow (CVE-2008-1602)

There exists a buffer overflow vulnerability in Orbit Downloader. The vulnerability is caused due to insufficient boundary checking when the application processes the URL string. An attacker may exploit this vulnerability by enticing a target user to open a malicious long URL. Successful...

10CVSS7.7AI score0.6749EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2010/02/18 12:0 a.m.•24 views

Microsoft Works File Converter WPS File Section Header Index Table Stack Overflow (MS08-011; CVE-2008-0105)

Microsoft Works is a home/office productivity software suite. Its core functionality includes a word processor, a spreadsheet, and a database. A Microsoft Works Document, normally denoted by the extension .wps, has numerous properties which define the appearance of the document, as well as some...

9.3CVSS7.4AI score0.43757EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/02/10 12:0 a.m.•24 views

Apple QuickTime MOV File String Handling Integer Overflow (CVE-2005-2753)

Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous video formats. QuickTime is capable of processing the Apple QuickTime movie file format, which is a proprietary format created by Appl...

5.1CVSS7.2AI score0.02139EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/08 12:0 a.m.•24 views

Microsoft Outlook Web Access Cross-Site Scripting (MS05-029; CVE-2005-0563)

Microsoft Outlook Web Access OWA is a component of Microsoft Exchange Server. OWA allows authorized users to send and receive email, manage a calendar, and perform other functions using a web browser. OWA utilizes HTML, CSS and scripting techniques to present the user interface through the web...

4.3CVSS5.5AI score0.14217EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/08 12:0 a.m.•24 views

Microsoft OLE Automation String Manipulation Heap Overflow (MS07-043; CVE-2007-2224)

Microsoft Object linking and embedding OLE Automation is the formal inter-process communication mechanism based on Component Object Model COM. It provides an infrastructure whereby applications called automation controllers can access and manipulate shared automation objects that are exported by...

9.3CVSS7.8AI score0.34534EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/07 12:0 a.m.•24 views

Apple QuickTime FlashPix File Buffer Overflow (CVE-2009-2798)

Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. One of the image file formats supported by QuickTime is the FlashPix image format. A heap buffer overflow...

9.3CVSS7.4AI score0.05718EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/02 12:0 a.m.•24 views

Microsoft PowerPoint Viewer TextBytesAtom Record Stack Overflow (MS10-004; CVE-2010-0033)

PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a stack overflow in Microsoft PowerPoint TextBytesAtom record when processing malicious PowerPoint...

9.3CVSS7.4AI score0.51073EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2010/01/14 12:0 a.m.•24 views

Sun Java Web Start Splashscreen PNG Processing Buffer Overflow (CVE-2009-1097)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It facilitates network deployment of applications developed with the Java programming language. This component enables stand-alone Java applications to be downloaded from a remote network location and run on a target...

9.3CVSS6.8AI score0.07089EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/01 12:0 a.m.•24 views

Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow (CVE-2006-0272)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

9CVSS7.9AI score0.05819EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2009/11/29 12:0 a.m.•24 views

Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)

Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...

4.6CVSS8AI score0.74202EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/11/18 12:0 a.m.•24 views

Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection (CVE-2005-1197)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...

7.5CVSS7.1AI score0.04265EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/15 12:0 a.m.•24 views

CVS Max-dotdot Protocol Command Integer Overflow (CVE-2004-0417)

Concurrent Versions System CVS is an open-source network-transparent version control system. CVS itself does not listen for, or accept network connections. To implement remote repository access, it can be installed as an inetd service, or invoked with the rsh/ssh command. Data between the server...

5CVSS7.5AI score0.03069EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/05 12:0 a.m.•24 views

Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (CVE-2005-4267)

The Internet Message Access Protocol IMAP allows the access and manipulation of electronic mail. A buffer overflow vulnerability exists in the IMAP service component of Qualcomm WorldMail. The flaw is caused by insufficient boundary checks when processing IMAP commands. An unauthenticated attacke...

7.5CVSS7.5AI score0.66803EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2009/11/01 12:0 a.m.•24 views

Oracle Application Server Reports Arbitrary System Command Execution (CVE-2005-2371)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One of such component is the Oracle Reports Services. The Reports Services component allows...

5CVSS7AI score0.22288EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/26 12:0 a.m.•24 views

EMC Dantz Retrospect Backup Agent Denial of Service (CVE-2006-0995)

The EMC Retrospect Backup product suite is based on an agent and server model. The backup server can initiate backups, backup remote client machine, as well perform scheduled backups. The agent component is installed on a machine that is to be backed up by the server. The agent can be made to...

5CVSS6.3AI score0.01814EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/15 12:0 a.m.•24 views

Castle Rock Computing SNMPc Network Manager Community String Buffer Overflow (CVE-2008-2214)

SNMPc is a secure distributed network management system developed by Castle Rock Computing. SNMPc uses Simple Network Management Protocol SNMP to communicate with other network entities. A buffer overflow vulnerability exists in Castle Rock Computing SNMPc Network Manager. The vulnerability can b...

10CVSS7.5AI score0.08838EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/03/10 12:0 a.m.•24 views

Workaround for Microsoft Windows Kernel Input Validation Remote Code Execution Vulnerability (MS09-006)

A remote code execution vulnerability has been discovered in the Windows kernel. The Windows kernel is the core of the operating system. It provides system level services, allocates processor time to processes, and manages error handling. This vulnerability is caused by the improper validation of...

9.3CVSS7.4AI score0.32106EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/02/10 12:0 a.m.•24 views

Microsoft Exchange Server MS-TNEF Memory Corruption (MS09-003; CVE-2009-0098)

The Microsoft Exchange Server is an implementation of an email server capable of handling numerous Internet protocol, including the Simple Mail Transfer Protocol SMTP. Transport Neutral Encapsulation Format TNEF is a format used by the Microsoft Exchange Server when sending messages formatted as...

9.3CVSS7.2AI score0.24919EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/02/06 12:0 a.m.•24 views

Update Protection against AXIS Communications Camera Control image_pan_tilt Buffer Overflow

A buffer overflow vulnerability was reported in the ActiveX Camera Control by AXIS Communications. A remote image/video monitoring solution, AXIS Camera Control is an ActiveX control with multiple functions that can be used over HTTP. The vulnerability is due to a boundary error that can be...

9.3CVSS7.7AI score0.05767EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2008/12/09 12:0 a.m.•24 views

Microsoft Word RTF Control Word Handling Integer Overflow (MS08-072; CVE-2008-4025)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...

9.3CVSS7.2AI score0.32943EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2008/11/18 12:0 a.m.•24 views

Sun Solaris rpc.ypupdated Command Injection (CVE-1999-0208)

Sun Solaris provides its Network Information Service NIS services through the SUN-RPC remote procedure call mechanism. One of these services is called rpc.ypupdated which is responsible for duplicating information from master NIS server to slave servers. A command injection vulnerability exists i...

10CVSS7.3AI score0.12856EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2008/08/15 12:0 a.m.•24 views

Security Best Practice: Familiarize Yourself with the Network Quota Protection

Network Quota enforces a limit upon the number of connections that are allowed from the same source IP, to protect against Denial Of Service attacks...

5CVSS6.3AI score0.01632EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2008/07/08 12:0 a.m.•24 views

Update Protection against CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability

A buffer overflow vulnerability has been discovered in CA BrightStor ARCserve Backup. Computer Associates CA provides a group of security and management products for enterprise as well as individual clients. CA BrightStor ARCserve Backup provides centralized control over a series of distributed...

7.5CVSS7.7AI score0.14716EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2007/11/07 12:0 a.m.•24 views

Apple QuickTime PICT Image Parsing Malformed Records (CVE-2007-4672; CVE-2007-4676; CVE-2009-0010)

Apple QuickTime is a multimedia player that supports a wide range of media formats. A buffer overflow vulnerability has been reported in Apple QuickTime. A remote attacker can exploit this vulnerability via a specially crafted PICT file - an image file format that can be processed by the QuickTim...

9.3CVSS7.2AI score0.46662EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2007/01/09 12:0 a.m.•24 views

Internet Explorer VML Buffer Overrun (MS07-004; CVE-2007-0024)

Microsoft Internet Explorer IE contains a remote code execution vulnerability. The vulnerability exists in Microsoft Vector Markup Language VML. VML is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. By convincing a user to visit a specially crafted Web...

9.3CVSS7.6AI score0.46488EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2006/12/31 12:0 a.m.•24 views

Update Protection against Sun Directory Server LDAP Denial of Service

There exists a vulnerability in the Sun Directory Server. The flaw is caused due to improper handling of certain overly large LDAP messages. An unauthenticated remote attacker may exploit this vulnerability by sending a crafted LDAP message to the target host which may terminate the affected LDAP...

5CVSS6.3AI score0.09651EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2006/10/11 12:0 a.m.•24 views

Update Protection against Microsoft Management Console (MMC) Remote Code Execution Vulnerability (MS06-044)

Microsoft Management Console MMC is prone to a cross-site scripting XSS vulnerability. MMC is an application that allows a user to perform administrative tasks, configure Windows services and more. A remote attacker can exploit this vulnerability to execute arbitrary commands on an affected syste...

6CVSS4.5AI score0.20488EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2006/07/16 12:0 a.m.•24 views

Security Best Practice: Protect Yourself from DCOM vulnerabilities

The Distributed Component Object Model DCOM is a protocol that enables software components to communicate directly over a network. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP.There are several known and...

10CVSS6.5AI score0.98626EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2006/05/22 12:0 a.m.•24 views

Preemptive Protection against GlobalSCAPE Secure FTP Server Remote Denial of Service

GlobalSCAPE Secure FTP Server is an FTP server application for Microsoft Windows. The application is susceptible to a remote denial of service vulnerability. The issue is triggered when an unspecified custom command with a lengthy parameter line is passed to the server, causing the server to cras...

5CVSS2.5AI score0.01857EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2005/02/01 12:0 a.m.•24 views

IGMP (CAN-2004-1137)

...

10CVSS6.4AI score0.20825EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/17 12:0 a.m.•23 views

WordPress Core Cross-Site Scripting (CVE-2022-21662)

A cross-site scripting vulnerability exists in WordPress. This vulnerability is due to improper input validation...

3.5CVSS1.5AI score0.63712EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/14 12:0 a.m.•23 views

Delta Industrial Automation DIAEnergie Cross-Site Scripting (CVE-2021-44471)

A stored cross-site scripting vulnerability exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to input validation error when processing name parameter in HandlerAlarmGroup.ashx endpoint...

4.3CVSS2.8AI score0.00657EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/10 12:0 a.m.•23 views

Zoho ManageEngine ServiceDesk Cross-Site Scripting (CVE-2021-46065)

A cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk. The vulnerability is due to improper sanitization of secondary email field parameter...

3.5CVSS1.8AI score0.91737EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2022/11/09 12:0 a.m.•23 views

Nagios IM Command Injection (CVE-2019-9202)

A command injection vulnerability exists in Nagios IM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6.5CVSS5.8AI score0.24176EPSS
Exploits3
Total number of security vulnerabilities5000