Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2010/08/18 12:0 a.m.•23 views

Suspicious Characters in FTP User Name (CVE-2009-0542; CVE-2010-2453)

File Transfer Protocol is a popular protocol. FTP server may ask connecting users for their usernames and passwords. While the official FTP specification allows all characters in user names certain FTP servers fail to properly parse FTP usernames that contain special characters, most notably...

7.5CVSS6.2AI score0.77398EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/08/02 12:0 a.m.•23 views

IBM Lotus Notes DOC Attachment Viewer Buffer Overflow (CVE-2007-5544)

Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over a range of protocols, such as: SMTP, POP, and IMAP. A stack buffer overflow vulnerability exists in the way IBM Lotu...

6.2CVSS7.5AI score0.0027EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/07/19 12:0 a.m.•24 views

Digium Asterisk Multiple Products IAX2 Handshake Denial of Service (CVE-2008-1897)

There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to...

4.3CVSS6.3AI score0.02743EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/07/13 12:0 a.m.•23 views

Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)

Microsoft Internet Explorer is the most widely used Internet browser. Safari is a web browsing application developed by Apple. A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a...

9.3CVSS6.8AI score0.08315EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/05/27 12:0 a.m.•23 views

PHF CGI Program Remote Command Execution (CVE-1999-0067)

There exists a vulnerability in the sample cgi bin program, PHF, which is included with NCSA httpd, and Apache 1.0.3, an NCSA derivitive. By supplying certain characters with special meaning to the shell, arbitrary commands can be executed by remote users. In case of a successful attack, a remote...

10CVSS7.2AI score0.86871EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/05/12 12:0 a.m.•23 views

Preemptive Protection against Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities (APSB10-11)

Multiple cross-site scripting XSS vulnerabilities have been discovered in Adobe ColdFusion server. Adobe ColdFusion is an application server for developing dynamically generated Web sites. Cross-site scripting occurs when a Web-based application fails to validate user input before returning it to...

4.3CVSS6.4AI score0.02493EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/09 12:0 a.m.•23 views

Microsoft Excel XLSX File Parsing Code Execution (MS10-017; CVE-2010-0263)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...

9.3CVSS7.1AI score0.25692EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/18 12:0 a.m.•23 views

Apple QuickTime crgn Atom Parsing Memory Corruption (CVE-2008-1017)

Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. There exists a memory corruption vulnerability in Apple QuickTime application. The vulnerability is due to...

6.8CVSS7.1AI score0.07163EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/01/25 12:0 a.m.•23 views

BlackBerry Application Web Loader ActiveX Control Buffer Overflow (CVE-2009-0305)

The BlackBerry Application Web Loader allows to download the BlackBerry applications from a web server using a browser supporting ActiveX controls onto a handheld device. It makes deployment of new applications and updates easier for developers. A user can load the application to their BlackBerry...

9.3CVSS7.8AI score0.16919EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/01/04 12:0 a.m.•23 views

Qualcomm WorldMail IMAP Server Directory Traversal (CVE-2005-3189)

The Qualcomm WorldMail product is an email and messaging server. The product is designed for small to large enterprise environments. WorldMail provides, amongst other services, an IMAP server which allows email retrieval. There exists a directory traversal vulnerability in Qualcomm WorldMail IMAP...

5CVSS6.6AI score0.05838EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/27 12:0 a.m.•23 views

Internet Explorer COM Object Instantiation Memory Corruption (MS06-021; CVE-2006-1303)

Microsoft Internet Explorer is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The browser is also compatible with Microsoft's Common Object Model COM scheme, whereby...

9.3CVSS6.9AI score0.38125EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/23 12:0 a.m.•23 views

Microsoft Office Malformed GIF File Processing Code Execution (MS06-039; CVE-2006-0007)

The Microsoft Office is a popular application suite that consists of several independent applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and others. The suite ships with a set of image processing helper libraries known as graphics filters. The graphics filters are used...

9.3CVSS7.5AI score0.19519EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/23 12:0 a.m.•23 views

Preemptive Protection against HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow

A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program webappmon.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...

10CVSS7.7AI score0.1345EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•23 views

Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)

The Internet Information Server IIS is a Web server packaged with several versions of the Windows operating system. The server is capable of serving static, as well as dynamic content. Several Microsoft Windows IIS servers support the World Wide Web Distributed Authoring and Versioning WebDAV...

7.5CVSS7.2AI score0.86396EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2009/11/29 12:0 a.m.•24 views

RealNetworks RealPlayer SMIL File Handling Buffer Overflow (CVE-2005-0455)

The Synchronized Multimedia Integration Language SMIL is a W3C standard based on XML. SMIL is the standard markup language for timing and controlling streaming media clips for media players. A stack buffer overflow vulnerability exists in RealNetworks RealPlayer and RealOne Player. The flaw exist...

5.1CVSS7.5AI score0.5399EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2009/11/18 12:0 a.m.•23 views

Symantec VERITAS NetBackup vnetd Buffer Overflow (CVE-2006-0991)

The Symantec VERITAS NetBackup server product suite is an enterprise backup system solution available for various platforms. It is capable of performing scheduled automatic backups as well as manual backups invoked by a client. A minimal backup environment consists of backup agents and a master...

7.1CVSS7.4AI score0.10972EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2009/11/17 12:0 a.m.•23 views

Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...

7.5CVSS7.1AI score0.04265EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/16 12:0 a.m.•23 views

Microsoft SMB Endless Loop Denial of Service (CVE-2009-3676)

The SMB Protocol is a network file sharing protocol. A denial of service vulnerability has been reported in the way that Microsoft Server Message Block SMB protocol software handles specially crafted SMB packets. The vulnerability is due to an error in the Microsoft Server Message Block SMB...

7.1CVSS5.9AI score0.34336EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/11/03 12:0 a.m.•23 views

Oracle Database dbms_assert Filter Bypass (CVE-2006-5340)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

7.1CVSS7.5AI score0.04332EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/01 12:0 a.m.•23 views

Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)

Apache Tomcat is an implementation of the Java Servlet and JavaServer pages technologies. The software provides the servlet container used in development and deployment of Java based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...

5CVSS6.7AI score0.99708EPSS
Exploits24
Check Point Advisories
Check Point Advisories
•added 2009/10/13 12:0 a.m.•23 views

CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (CVE-2007-0169)

Computer Associates BrightStor ARCserve Backup and Business Protection Suite families of software products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, dat...

7.5CVSS7.5AI score0.68809EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2009/10/12 12:0 a.m.•23 views

Internet Explorer IsComponentInstalled Buffer Overflow (CVE-2006-1016)

The Microsoft Internet Explorer IE is the most widely used web browser application. The browser is capable of processing HTML, scripting languages and interpretation of various other popular Internet specifications. There exists a buffer overflow vulnerability in the IsComponentInstalled function...

7.5CVSS7.2AI score0.66674EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/10/12 12:0 a.m.•23 views

Microsoft DirectShow AVI Decoder Buffer Overflow (MS05-050; CVE-2005-2128)

Microsoft DirectX is a set of low-level application programming interfaces APIs for creating high-performance multimedia applications. Microsoft DirectShow is an architecture for streaming media on the Microsoft Windows platform and provides for the capture and playback of multimedia streams. It...

5CVSS6.3AI score0.40492EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/10/01 12:0 a.m.•23 views

Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution (CVE-2008-0236)

Microsoft Visual FoxPro 6.0 is designed for building data-centric Windows applications. Visual FoxPro 6.0 is shipped with a set of various ActiveX controls that are registered on the host upon installation. Specifically, an ActiveX control vfp6r.dll is included. There exists an access control...

5.8CVSS6.9AI score0.17384EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2009/09/08 12:0 a.m.•23 views

JScript Scripting Engine Web Pages Decoding Code Execution (MS09-045; CVE-2009-1920)

JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. The vulnerability is due to a memory...

9.3CVSS7.1AI score0.21507EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/07/22 12:0 a.m.•23 views

Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow (CVE-2009-1394)

Motorola Timbuktu is a remote monitoring and control product available for Microsoft Windows and other operating systems. A buffer overflow vulnerability exists in Motorola Timbuktu Pro. The vulnerability is due to boundary errors when handling PlughNTCommand named pipe payloads. Remote attackers...

9.3CVSS7AI score0.33281EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2009/06/09 12:0 a.m.•23 views

Microsoft Excel BRAI Record Pointer Corruption (MS09-021; CVE-2009-0549)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the Microsoft Excel. The vulnerability is due to a memory corruption error in Microsoft Excel when loading specially crafted Excel files that include a malformed record object. The...

9.3CVSS7.2AI score0.28446EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/05/12 12:0 a.m.•23 views

Microsoft PowerPoint Converter SlideRec Record Memory Corruption (MS09-017; CVE-2009-0222)

Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially craft...

9.3CVSS7.3AI score0.31632EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/05/08 12:0 a.m.•23 views

Update Protection against HP OpenView Network Node Manager ovalarmsrv Integer Overflow

HP OpenView Network Node Manager NNM is a software application designed for management, maintenance and monitoring of networks and network devices. The application fails to properly validate maliciously crafted requests. By sending a crafted request, a remote unauthenticated attacker could overfl...

10CVSS7.7AI score0.11434EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/04/24 12:0 a.m.•23 views

Update Protection against Oracle Application Server 10g OPMN Service Format String Vulnerability

A vulnerability was reported in Oracle Application Server, a multi-platform solution for developing and deploying enterprise applications and web sites. The flaw is due to insufficient validation of the URI part of HTTP requests. Remote attackers could exploit this vulnerability by sending a...

7.5CVSS7AI score0.07945EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/12/09 12:0 a.m.•23 views

Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073; CVE-2008-4258)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...

8.5CVSS7.1AI score0.17841EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2008/11/18 12:0 a.m.•23 views

iseemedia LPViewer ActiveX Control Multiple Buffer Overflows (CVE-2008-4384)

iseemedia is a software development company focused on the commercialization of advanced, rich content adaptation and distribution solutions for Web applications. iseemedia's platforms are used by websites worldwide. The iseemedia LPViewer ActiveX control contains multiple buffer overflow...

9.3CVSS7.5AI score0.28706EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2008/10/14 12:0 a.m.•23 views

Microsoft Excel FRTWrapper Record Buffer Overflow (MS08-057; CVE-2008-3471)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel processes objects when loading Excel files into memory. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation wh...

9.3CVSS7.6AI score0.52318EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/09/14 12:0 a.m.•23 views

Trend Micro objRemoveCtrl ActiveX Control Multiple Buffer Overflows (CVE-2008-3364)

Trend Micro OfficeScan is a centralized virus and security scan management system. A buffer overflow vulnerability has been reported in Trend Micro OfficeScan. The vulnerability is due to a boundary error in the OfficeScan ActiveX control objRemoveCtrl. To trigger this issue, an attacker may crea...

9.3CVSS7.2AI score0.32811EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2008/09/13 12:0 a.m.•23 views

Microsoft Windows Media Encoder 9 ActiveX Control Buffer Overflow (MS08-053; CVE-2008-3008)

Windows Media Encoder is a tool for capturing audio and video content. A remote code execution vulnerability has been reported in the Windows Media Encoder 9 Series.The vulnerability is due to an error in a Windows Media Encoder 9 Series ActiveX control that was never intended to be instantiated ...

9.3CVSS7.3AI score0.54553EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2008/09/09 12:0 a.m.•23 views

Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052; CVE-2008-3014)

Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap information. A remote code execution vulnerability has been discovered in the way GDI+ allocates memory for WMF image files. The vulnerability is d...

9.3CVSS7.3AI score0.36722EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/08/12 12:0 a.m.•23 views

EPS Files (CVE-2008-3019)

EPS is a standard file format for importing and exporting PostScript files. It is usually a single page PostScript program that describes an illustration or an entire page. An EPS file can contain any combination of text, graphics and images. A remote code execution vulnerability was reported in...

9.3CVSS7.1AI score0.3008EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/05/13 12:0 a.m.•23 views

Microsoft Word RTF File Handling Memory Corruption (MS08-026; CVE-2008-1091)

A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted Rich Text Format .rtf files. A remote attacker could trigger this flaw by convincing a victim to op...

9.3CVSS6.9AI score0.40511EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2008/02/24 12:0 a.m.•24 views

Preemptive Protection against Novell Client nwspool.dll EnumPrinters Function Buffer Overflow Vulnerability

A buffer overflow vulnerability has been discovered in the Novel Client for Windows. The flaw is due to a boundary error in Novell Client's Spooler service nwspool.dll. The vulnerable service is included with the Novell Client for Microsoft Windows, and provides access to remote printing services...

10CVSS7.6AI score0.23186EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2008/02/12 12:0 a.m.•23 views

Internet Explorer Image Processing Memory Corruption (MS08-010; CVE-2008-0078)

Microsoft Internet Explorer is the most widely used Internet browser. The vulnerability is due to a memory corruption error in Microsoft Internet Explorer when handling argument validation, under certain circumstances, in image processing. A remote attacker could exploit this issue by convincing ...

9.3CVSS7.2AI score0.29062EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2007/12/18 12:0 a.m.•23 views

Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)

A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. DirectX can parse various file formats which include AVI files. A remote attacker can...

9.3CVSS7.3AI score0.36234EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2006/07/05 12:0 a.m.•23 views

Update Protection against VWar Remote File Inclusion Vulnerability

Several vulnerabilities have been reported in Virtual War VWar due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system...

7.5CVSS3.4AI score0.02044EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2006/07/05 12:0 a.m.•23 views

Update Protection against Symantec Sygate Management Server SQL Injection Vulnerability

A vulnerability was identified in Symantec's Sygate Management Server SMS. A remote attacker could supply code into a URL which would allow the attacker to overwrite the password for any SMS account. Successful exploitation would allow the attacker to access any SMS console with the account's...

7.5CVSS5.4AI score0.0276EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/17 12:0 a.m.•22 views

Zoho ManageEngine SQL Injection (CVE-2021-40493)

A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...

7.5CVSS1.5AI score0.50209EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/08 12:0 a.m.•22 views

Microsoft DWM Core Library Elevation of Privilege (CVE-2022-41096)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.2AI score0.00609EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/11/06 12:0 a.m.•22 views

Nagios XI SQL Injection (CVE-2019-9165)

An SQL injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.4AI score0.05255EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2022/11/03 12:0 a.m.•22 views

WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting (CVE-2022-0364)

A stored cross-site scripting vulnerability exists for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section...

3.5CVSS1.8AI score0.69552EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2022/10/31 12:0 a.m.•22 views

Atlassian Bitbucket Command Injection (CVE-2022-36804)

A command injection vulnerability exists in Atlassian Bitbucket. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6.5AI score0.99077EPSS
Exploits24
Check Point Advisories
Check Point Advisories
•added 2022/10/27 12:0 a.m.•22 views

SmarterTools SmarterMail Directory Traversal (CVE-2019-7213)

A directory traversal vulnerability exists in SmarterTools SmarterMail. Successful exploitation of this vulnerability could allow a remote attacker to upload or delete arbitrary files on the vulnerable server...

5.5CVSS5.5AI score0.42113EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2022/10/27 12:0 a.m.•22 views

Victor CMS Remote Code Execution (CVE-2022-27478)

A remote code execution vulnerability exists in Victor CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS6AI score0.20013EPSS
Exploits1
Total number of security vulnerabilities5000