Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•26 views

Microsoft .NET Remote Code Execution (CVE-2017-0160)

A Remote Code Execution vulnerability exists in the Microsoft .Net Framework. The vulnerability happend when Microsoft .NET Framework fails to properly validate input before loading libraries. A remote attacker could exploit this vulnerability by sending specially crafted data to the target serve...

7.2CVSS7.6AI score0.17848EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•4 views

Microsoft Windows Graphics Elevation of Privilege (CVE-2017-0155)

An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafte...

6.9CVSS6.7AI score0.02106EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•6 views

Microsoft Edge Scripting Engine Information Disclosure (CVE-2017-0208)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...

4.3CVSS3.7AI score0.15281EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/09 12:0 a.m.•13 views

Adobe Flash Player Use After Free Code Execution (APSB17-10: CVE-2017-3058)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.06504EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/05 12:0 a.m.•2 views

Terror Exploit Kit

Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...

5.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/04 12:0 a.m.•4 views

Cain And Abel RDP File Stack Buffer Overflow (CVE-2008-5405)

A stack-based buffer overflow exists in Oxid Cain and Abel. The vulnerability is due to insufficient bounds checking on a RDP file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted RDP file. Successful exploitation could allow administrator acces...

9.3CVSS3.9AI score0.46979EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/04/03 12:0 a.m.•2 views

Quagga VTY Interface Denial of Service (CVE-2017-5495)

A denial-of-service vulnerability has been discovered in Quagga. The vulnerability is due to an input validation error in the Quagga VTY service. A remote attacker can exploit this vulnerability by sending data without a newline character to a Quagga daemon's VTY interface...

7.8CVSS4AI score0.18803EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/02 12:0 a.m.•2 views

KaiXin Exploit Kit

KaiXin exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with KaiXin exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...

5.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/02 12:0 a.m.•1 views

Neptune Exploit Kit

Neptune exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Neptune exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution...

5.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/30 12:0 a.m.•0 views

Suspicious Decimal IP Redirect

Many exploit kits, when connecting to HTTP servers for malware download, use a non-dotted decimal IP literal as the server name. Using such notation may be indicative of malware download...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/29 12:0 a.m.•14 views

Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the UnicastRef class in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted...

7.5CVSS8.9AI score0.97301EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2017/03/29 12:0 a.m.•13 views

Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)

A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful...

10CVSS1.4AI score0.99823EPSS
Exploits39
Check Point Advisories
Check Point Advisories
•added 2017/03/28 12:0 a.m.•12 views

Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2971)

A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to heap overflow vulnerability in the JPEG decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG file...

9.3CVSS3.9AI score0.09052EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/27 12:0 a.m.•7 views

HT-MP3Player 1.0 HT3 File Parsing Buffer Overflow (CVE-2009-2485)

A buffer overflow vulnerability exists in HT-MP3Player 1.0. The vulnerability exists because the affected software fails to perform sufficient boundary checks on user-supplied input when processing .ht3 files. A successful exploitation could lead to execution of arbitrary code on the targeted...

9.3CVSS5.3AI score0.58099EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/03/27 12:0 a.m.•3 views

HTTP Protocol Remote Code Execution

A remote code execution vulnerability exists in HTTP protocol. By sending a request containing a specially crafted EXE file, a remote attacker can exploit this vulnerability in order to execute arbitrary code on the effected system...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/26 12:0 a.m.•1 views

Trend Micro Control Manager Widget importFile.php Directory Traversal

A directory traversal vulnerability has been reported in Trend Micro Control Manager. This vulnerability is caused by improper sanitization of directory traversal characters by importFile php. A remote, unauthenticated attacker could exploit this vulnerability by uploading arbitrary files onto th...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/26 12:0 a.m.•7 views

Microsoft Windows iSNS Server Memory Corruption (MS17-012: CVE-2017-0104)

A memory corruption vulnerability exist in Windows iSNS Server. The vulnerability is due to incorrect input validation of malformed attribute in iSNS packet. A remote attacker can exploit this vulnerability to execute arbitrary code on the server...

9.3CVSS4.9AI score0.13823EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/26 12:0 a.m.•1 views

Maple Maplet File Creation and Command Execution

A command execution vulnerability exists in Maplesoft Maple. The vulnerability is due to insufficient security settings in the application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the application...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/23 12:0 a.m.•3 views

DJ Studio Pro PLS File Stack Buffer Overflow (CVE-2009-4656)

A stack buffer overflow vulnerability exists in DJ Studio Pro. The vulnerability is due to insufficient bounds checking on a PLS file. A successful exploitation could lead to arbitrary code execution in the security context of the target user...

9.3CVSS3.1AI score0.31721EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2017/03/22 12:0 a.m.•7 views

OpenSSL Encrypt-Then-Mac Renegotiation Denial of Service (CVE-2017-3733)

A denial of service vulnerability has been reported in OpenSSL. This vulnerability is due to improper handling of the Encrypt-Then-Mac extension during renegotiation. A remote attacker could exploit this vulnerability in an OpenSSL client or server application by sending crafted packets during...

5CVSS3.4AI score0.12874EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/22 12:0 a.m.•9 views

McAfee ePolicy Orchestrator DataChannel GUID SQL Injection (CVE-2016-8027)

An SQL injection vulnerability exists in McAfee ePolicy Orchestrator. The vulnerability is due to insufficient input validation on the GUID parameter. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the affected server. Successful...

7.5CVSS3.6AI score0.05749EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/22 12:0 a.m.•9 views

Winamp Maki File Buffer Overflow (CVE-2009-1831)

A buffer overflow vulnerability has been reported in Nullsoft Winamp. The vulnerability is due to an incorrect type cast while parsing a .maki file, causing a buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...

9.3CVSS7.6AI score0.36337EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/03/21 12:0 a.m.•1 views

gAlan 0.2.1 Buffer Overflow

A stack buffer overflow vulnerability exists in gAlan 0.2.1. The vulnerability is due to inadequate boundary checks on user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the application...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/20 12:0 a.m.•3 views

VariCAD DWB File Stack Buffer Overflow

A stack buffer overflow vulnerability exists in VariCAD 2010. The vulnerability is due to insufficient bounds checking on a DWB file. A successful exploitation could lead to arbitrary code execution in the security context of the target user...

3.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/16 12:0 a.m.•1 views

Real Networks NetZip Classic Buffer Overflow

A buffer overflow vulnerability exists in Real Networks Netzip Classic. The vulnerability is due to improper boundary check error while handling ZIP files. A remote attacker can exploit this vulnerability to execute an arbitrary code on the victim's computer...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/15 12:0 a.m.•0 views

dotCMS H2 Database CategoriesServlet inode SQL Injection

An SQL injection vulnerability has been reported in dotCMS H2 Database. The vulnerability is due to insufficient validation of the inode parameter in HTTP request sent to the getCreateSortChildren function. A remote attacker could exploit this vulnerability by sending a malicious HTTP request to...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/15 12:0 a.m.•17 views

Brocade Network Advisor FileReceiveServlet filename Directory Traversal (CVE-2016-8204)

A directory traversal vulnerability exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation in the FileReceiveServlet servlet when processing HTTP multipart form requests. A remote, unauthenticated attacker can exploit this...

10CVSS2.2AI score0.07131EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/15 12:0 a.m.•12 views

AVTECH Devices Multiple Vulnerabilities (CVE-2013-4980; CVE-2013-4981; CVE-2013-4982)

Multiple vulnerabilities exist in AVTECH devices. An attacker could exploit this vulnerability via direct requests. Successful exploitation of this vulnerability could allow a remote attacker to gain access to the devices...

9CVSS4.7AI score0.13117EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•21 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.93307EPSS
Exploits46
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•0 views

Repetitive MySQL Login Failures

An attacker may attempt to gain access to MySQL server accounts by repeatedly trying to log in using various passwords, eventually finding the correct one, a technique known as "Brute Force". Successful exploitation may result in an unauthorized access to a MySQL server...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Microsoft Internet Explorer Information Disclosure (MS17-006: CVE-2017-0059)

Information disclosure vulnerabilities exists in Microsoft Internet Explorer. This vulnerability is due to improper handling of objects in memory. A successful exploitation could result in an out-of-bounds read and access to private user data...

4.3CVSS1.3AI score0.61968EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

CakePHP Cache Corruption Code Execution (CVE-2010-4335)

A remote code execution vulnerability exists in CakePHP. The vulnerability is due to the way the security component of CakePHP fails to validate user input. A remote attacker can exploit this issue by sending a specially crafted HTTP request...

7.5CVSS2AI score0.55204EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•1 views

Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0149)

An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS3.6AI score0.29189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Microsoft Internet Explorer Elevation of Privilege (MS17-006: CVE-2017-0154)

An elevation of privilege vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

5.8CVSS5.9AI score0.10565EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Microsoft Scripting Engine Information Disclosure (MS17-006: CVE-2017-0049)

An information disclosure vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

4.3CVSS5.3AI score0.38918EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0086)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.42546EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0133)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...

7.6CVSS7.2AI score0.25991EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0034)

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that wou...

7.6CVSS7.6AI score0.12733EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0083)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.42546EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0026)

An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.4AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows Uniscribe Information Disclosure (MS17-011: CVE-2017-0121)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

4.3CVSS4.7AI score0.42124EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•12 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0020)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.16387EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0131)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an out of bounds read when Microsoft Edge improperly accesses objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8AI score0.1523EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•16 views

Microsoft XML Core Services Information Disclosure (MS17-022: CVE-2017-0022)

An information vulnerability exists in Microsoft XML Core Services MSXML. The vulnerability is caused when MSXML improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

4.3CVSS5AI score0.18069EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•12 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0072)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.42546EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Microsoft Office Information Disclosure (MS17-014: CVE-2017-0105)

An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

4.3CVSS5.1AI score0.30411EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•15 views

Microsoft Windows GDI+ Information Disclosure (MS17-013; CVE-2017-0060; CVE-2017-0062)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

1.9CVSS5.4AI score0.17832EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0025)

An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS4.7AI score0.01835EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0066)

Security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...

4CVSS5.3AI score0.29946EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Windows GDI+ Information Disclosure (MS17-013: CVE-2017-0073)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

4.3CVSS4.7AI score0.33359EPSS
Exploits0
Total number of security vulnerabilities13538