Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•6 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0175)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...

2.1CVSS4.7AI score0.07048EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/08 12:0 a.m.•8 views

SAP GUI regsvr32.exe Rule Security Policy Bypass (CVE-2017-6950)

A security policy bypass vulnerability has been reported in SAP GUI. The vulnerability is due to improper implementation of client side security policies regarding the Windows application regsvr32.exe. A remote attacker could exploit this vulnerability by enticing an user to connect to a maliciou...

7.5CVSS3.1AI score0.03785EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/08 12:0 a.m.•4 views

HPE Intelligent Management Center FileUploadServlet Directory Traversal (CVE-2017-5794)

A directory traversal vulnerability exist in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploadServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HTTP request...

9CVSS2.8AI score0.03431EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/08 12:0 a.m.•9 views

Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)

An arbitrary code execution vulnerability exists within Ghostscript. This vulnerability is due to the way Ghostscript parses .eps files. An attacker can manipulate a .eps file and run arbitrary commands on the victims computer...

6.8CVSS4.7AI score0.96968EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/05/08 12:0 a.m.•16 views

Moodle Remote Code Execution (CVE-2017-2641)

A remote code execution vulnerability exists in Moodle. The vulnerability is due to object injection through a legacy user preferences setting. A remote attacker can exploit this vulnerability to execute PHP code at the vulnerable Moodle server...

7.5CVSS3AI score0.1453EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/05/07 12:0 a.m.•12 views

Joomla Core HTML Attributes Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7986)

A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...

4.3CVSS6.6AI score0.00787EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/07 12:0 a.m.•19 views

WordPress Unauthorized Password Reset (CVE-2017-8295)

An unauthorized password reset vulnerability exists in WordPress core. The vulnerability is due to WordPress using untrusted data when creating a password reset e-mail. Successful exploitation of this vulnerability could allow a remote attacker to reset user's password and gain unauthorized acces...

4.3CVSS3.2AI score0.26699EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/05/07 12:0 a.m.•6 views

Joomla Core Sterilizer Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7985)

A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...

4.3CVSS6.8AI score0.01333EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/04 12:0 a.m.•23 views

ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)

An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...

10CVSS3.5AI score0.22011EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/04 12:0 a.m.•0 views

Popcorn Time Subtitles Remote Code Execution

A remote code execution vulnerability exists in Popcorn Time Subtitles mechanism. The vulnerability is due to the way PopcornTime appends subtitles to its Interface. A remote attacker can exploit this issue by uploading a malicious subtitles file to Open Subtitles. Successful exploitation could...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/04 12:0 a.m.•2 views

Kodi Open Subtitles Addon Remote Code Execution

A remote code execution vulnerability exists in Kodi OpenSubtitles Addon. The vulnerability is due to the way the addon parses the subtitles file name. A remote attacker can exploit this issue by uploading a malicious subtitles file to Open Subtitles. Successful exploitation could result in...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/04 12:0 a.m.•6 views

ManageEngine Applications Manager MenuHandlerServlet SQL Injection (CVE-2016-9488)

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the configid parameter when processing requests sent to MenuHandlerServlet servlet. By sending crafted request messages, a remote unauthenticated attacker can exploi...

7.5CVSS5.2AI score0.04772EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/05/03 12:0 a.m.•2 views

ALLPlayer M3U File Stack Buffer Overflow (CVE-2013-7409)

A stack buffer overflow vulnerability exists in ALLPlayer. The vulnerability is due to insufficient bounds checking on a M3U file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted M3U file. Successful exploitation could lead to arbitrary code...

7.5CVSS4.8AI score0.67936EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/03 12:0 a.m.•10 views

HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal (CVE-2017-5795)

A directory traversal vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on the fileName parameter in FileDownloadServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HTTP...

7.1CVSS1.9AI score0.03471EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/03 12:0 a.m.•20 views

Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow (CVE-2017-16671; CVE-2017-7617)

A buffer overflow exists in the CDR engine of Digium Asterisk. The vulnerability is due to a lack of size checking when setting the user field of a CDR. A remote, authenticated attacker can exploit this vulnerability by sending a crafted message to an affected Asterisk server...

6.5CVSS4.5AI score0.06243EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/01 12:0 a.m.•9 views

Microsoft Edge asm.js Type Confusion (CVE-2017-0093)

A type confusion vulnerability has been reported in Microsoft Edge Scripting Engine. The vulnerability is due to improper parsing of eval function arguments when it accesses an asm.js function. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...

7.6CVSS7AI score0.13691EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/01 12:0 a.m.•6 views

Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3053)

An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG...

4.3CVSS6.6AI score0.03404EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/01 12:0 a.m.•1 views

Foxit PDF Reader Title Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in Foxit PDF Reader. The vulnerability is due to mishandling of an overly long string in the Title field. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted pdf file...

3.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/01 12:0 a.m.•7 views

Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3051)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory in a specially crafted JPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPG file ...

9.3CVSS8.5AI score0.04184EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•0 views

Mac OSX/Dok Unauthorized Remote Access

A MacOSX malware exists in the wild. A remote attacker can send the malware via mail, and then entice the victim to execute it by means of social engineering. Activating this malware results in complete remote control over the victim's machine...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•4 views

Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3050)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted Gif file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

9.3CVSS8.5AI score0.04184EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•3 views

Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3044)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.4AI score0.20377EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•5 views

Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3046)

An information disclosure vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

4.3CVSS6.7AI score0.04107EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•3 views

Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3049)

A Heap Overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file...

9.3CVSS8.2AI score0.09384EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•1 views

Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of user-supplied HTTP parameters. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system...

2.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•5 views

Adobe Acrobat and Reader Use After Free (APSB17-11: CVE-2017-3047)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.05062EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•3 views

Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3048)

A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to heap overflow vulnerability in the TIFF decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file...

9.3CVSS8.9AI score0.13663EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•6 views

HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow (CVE-2017-5789)

A heap buffer overflow vulnerability exists in HP LoadRunner and Performance Center. The vulnerability is due to insufficient validation of the length of XDR encoded string. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable...

7.5CVSS9.3AI score0.17864EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•3 views

Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3052)

An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted EMF file...

4.3CVSS6.6AI score0.03404EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/30 12:0 a.m.•6 views

Zinf Audio Player PLS File Stack Buffer Overflow (CVE-2004-0964)

A stack buffer overflow vulnerability exists in Zinf Audio Player 2.2.1. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...

10CVSS3.7AI score0.62678EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/04/27 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3037)

A memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to excessive recursive calls leading to a stack overflow. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS8.9AI score0.06338EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/27 12:0 a.m.•12 views

Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)

A remote code execution vulnerability exist in Microsoft Remote Procedure Call RPC. The vulnerability is due to the way RPC service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execut arbitrary...

10CVSS9.5AI score0.98751EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2017/04/27 12:0 a.m.•4 views

Oracle Solaris Remote Shell Code Execution (CVE-2017-3623)

A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...

10CVSS3.3AI score0.21798EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/04/27 12:0 a.m.•33 views

Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure (CVE-2017-8225)

An information disclosure vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

7.5CVSS8.5AI score0.17865EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/04/26 12:0 a.m.•5 views

Adobe Reader and Acrobat Use After Free Code Execution (APSB17-11: CVE-2017-3035)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.04963EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/26 12:0 a.m.•1 views

Microsoft Windows EternalBlue SMB Remote Code Execution

A remote code execution vulnerability exists in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...

8.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/26 12:0 a.m.•2 views

Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution

A code execution vulnerability exists in multiple Wireless IP Camera P2P WIFICAM cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/26 12:0 a.m.•1 views

Microsoft Windows Eternalromance SMB Remote Code Execution

A remote code execution vulnerability exist in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/25 12:0 a.m.•0 views

AOL Phobos.Playlist ActiveX Control Stack Buffer Overflow

A buffer overflow vulnerability exists in AOL 9.5. The vulnerability is due to a boundary error when handling a certain function call with an overly long value. Remote attackers can exploit this vulnerability by enticing a target user to open a specially crafted web page with an embedded code tha...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/25 12:0 a.m.•0 views

WordPress Yerlte Security Scanner

Yerlte is a vulnerability scanning product. Remote attackers can use Yerlte to detect vulnerabilities on a target WordPress server...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/25 12:0 a.m.•3 views

Adobe Acrobat and Reader Memory Corruption (APSB17-11: CVE-2017-3039)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

9.3CVSS8.5AI score0.0346EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•4 views

Adobe Acrobat and Reader Heap Overflow (APSB17-11: CVE-2017-3042; CVE-2017-3054)

A Heap Overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS7.3AI score0.14452EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•1 views

Mini-Stream RM-MP3 Converter PLS File Stack Buffer Overflow

A stack buffer overflow vulnerability exists in Mini-Stream RM-MP3 Converter. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB17-10: CVE-2017-3064)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.13454EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•8 views

Adobe Flash Player Use After Free Code Execution (APSB17-10: CVE-2017-3059)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS3.7AI score0.09511EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•3 views

Trend Micro SafeSync for Enterprise rollback Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to the rollback end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•6 views

Rockwell Automation Logix Controller Stack Buffer Overflow (CVE-2016-9343)

A stack buffer overflow vulnerability exists in Rockwell Automation Logix Controllers. The vulnerability is due to insufficient bounds checking. A successful exploitation could lead to arbitrary code execution...

7.5CVSS5.8AI score0.10494EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•2 views

GnuTLS Proxy Certificate Information Extension Memory Corruption (CVE-2017-5334)

A memory corruption vulnerability has been reported in the GnuTLS library. The vulnerability is due to improper handling of the Proxy Certificate Information extension in X.509 certificates. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted X.509 certificate to a...

7.5CVSS2.9AI score0.32754EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/24 12:0 a.m.•1 views

Weak SSL DES Cipher Suites

DES is a widely supported stream cipher often preferred by TLS servers and other servers using encrypted sessions. Recent cryptanalysis results one of which is the SWEET32 exploit biases in the DES keystroke to recover repeatedly encrypted plain-texts. As a result DES can no longer be seen as...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/23 12:0 a.m.•1 views

Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage pm page. The vulnerability is due to insufficient validation of the user-supplied parameters defining an iSCSI device to be discovered. A remote, authenticated attacker could exploit this vulnerability by...

3.5AI score
Exploits0
Total number of security vulnerabilities13538