Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/02/13 12:0 a.m.•11 views

Audiotran 1.4.1 (PLS File) Stack Buffer Overflow (CVE-2009-0476)

A stack-based buffer overflow exists in Audiotran 1.4.1. A remote attacker could trigger this vulnerability by enticing a victim to open a crafted file. Successful exploitation would allow remote attackers to execute arbitrary code via a long string in a playlist .pls file...

9.3CVSS7.9AI score0.37035EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2017/02/13 12:0 a.m.•9 views

Altap Salamander 2.5 PE Viewer Buffer Overflow (CVE-2007-3314)

A buffer overflow exists in Altap Salamander. A remote attacker could trigger this vulnerability by creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander. Successful exploitation would allow remote...

6.8CVSS6.7AI score0.43408EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/02/12 12:0 a.m.•5 views

VUPlayer CUE File Buffer Overflow

A stack overflow exists in VUPlayer. The vulnerability is due to improper boundary checking of user-supplied input when processing CUE files. By enticing a victim to open a malicious CUE file, a remote attacker could execute arbitrary code on the affected system...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/12 12:0 a.m.•3 views

Beetel Connection Manager Buffer Overflow

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager. The vulnerability is due to improper parsing of parameters in the NetConfig.ini file. A remote attacker could exploit this vulnerability by enticing a user to use a crafted NetConfig.ini file...

5.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/08 12:0 a.m.•2 views

Flash File Malicious Code Execution

A code execution vulnerability exist in Flash. The vulnerability is caused by a crafted SWF file with hidden malicious code. A remote attacker can exploit this issue in order to run malicious code on the effected system...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/07 12:0 a.m.•2 views

Suspicious Proxy Auto-Config File

An attacker can force browsers to use a malicious .pac file, and redirect traffic to a fake site. A successful attack might result in loss of data or connection hijack...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/07 12:0 a.m.•34 views

NETGEAR Routers Authentication Bypass (CVE-2017-5521)

An authentication bypass vulnerability exists in Multiple NETGEAR Routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

4.3CVSS5.5AI score0.89294EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/02/02 12:0 a.m.•2 views

WordPress REST API Content Injection

A content injection vulnerability exists in WordPress REST API. A remote attacker may exploit this vulnerability by sending a malicious request to the server. Successful exploitation would allow an attacker to inject and change content...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/02 12:0 a.m.•10 views

Microsoft Windows SMB2 Tree Connect Response Denial of Service (MS17-012: CVE-2017-0016)

A denial of service vulnerability has been reported in Microsoft Windows SMB2. The vulnerability is due to insufficient sanitization over SMB2 Tree Connect response messages...

7.1CVSS2.8AI score0.2373EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/02/01 12:0 a.m.•3 views

CMSmap Security Scanner

CMSmap is a dedicated vulnerability scanning product for Content Management Systems. Remote attackers can use CMSmap to detect vulnerabilities on a target server...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/31 12:0 a.m.•2 views

Chrome Fake Font Malware Installer

A misleading popup window, disguising as a Chrome error message, is used to trick a user into installing malware, leading to loss of data, or allowing the attacker to run arbitrary code on the infected machine...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/30 12:0 a.m.•4 views

Suspicious Metadata Mail Phishing Containing Archive Attachment

Suspicious Mail containing archive attachment was observed as part of phishing campaigns. A remote attacker could send spam e-mails including those files. This would allow the malicious code to run and infect the target system...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/30 12:0 a.m.•19 views

WordPress CM Download Manager Code Injection (CVE-2014-8877)

Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full...

10CVSS4.4AI score0.14804EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/01/26 12:0 a.m.•10 views

Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)

An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP request sent to the updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending a HTTP request with a malicious SQL...

7.5CVSS1.5AI score0.04398EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/26 12:0 a.m.•9 views

Cisco WebEx Meetings Server and Center Remote Code Execution (CVE-2017-3823)

A remote code execution vulnerability exists in Cisco WebEx Meetings Server and WebEx Meetings Center browser extensions. The vulnerability is due to a design weakness in the API response parser within the extensions.A remote unauthenticated attacker could exploit this vulnerability by enticing a...

9.3CVSS3AI score0.27231EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/01/26 12:0 a.m.•12 views

Aerospike Database Server Stack Buffer Overflow (CVE-2016-9052; CVE-2016-9054)

A memory corruption vulnerability has been reported in Aerospike Database Server. This vulnerability is due to improper bounds checking of user-supplied variable. A remote attacker could exploit these vulnerabilities by sending a maliciously crafted packet to the vulnerable server...

7.5CVSS4.2AI score0.077EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/01/25 12:0 a.m.•6 views

Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow (CVE-2016-2123)

An integer overflow vulnerability exists in Samba. The vulnerability is due to incorrectly parsing crafted NDR data that results in an integer overflow. A remote, authenticated attacker could exploit this vulnerability by sending malicious packets to a vulnerable Samba service and could result in...

6.5CVSS6.5AI score0.06226EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/24 12:0 a.m.•6 views

IBM Tivoli Storage Manager FastBack Server Denial of Service (CVE-2015-8523)

A denial of service vulnerability exists in IBM Tivoli Storage Manager FastBack Server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to port 11460/TCP...

5CVSS4.2AI score0.01462EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/24 12:0 a.m.•16 views

Microsoft Edge document.domain Same Origin Policy Bypass (MS17-001: CVE-2017-0002)

A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted...

6.8CVSS8AI score0.1489EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/23 12:0 a.m.•11 views

Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2959)

A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted JPG file...

9.3CVSS8.3AI score0.11472EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/22 12:0 a.m.•5 views

ISC BIND TKEY Query Response Assertion Failure Denial of Service (CVE-2016-9131)

A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause named service to exit with an assertion failure while processing a crafted DNS response packet. A remote, unauthenticated attacker could exploit this vulnerability by providing a...

5CVSS3.2AI score0.40556EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/22 12:0 a.m.•32 views

LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow (CVE-2016-9941)

A heap-based buffer overflow has been reported in LibVNCServer LibVNCClient. The vulnerability is due to improper handling of FramebufferUpdate messages with specially crafted rectangles. A remote attacker could exploit this vulnerability by enticing a user to connect to a malicious VNC server an...

7.5CVSS2.6AI score0.03732EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/19 12:0 a.m.•1 views

Same-Source Weak Password Scan Over HTTP

Many HTTP servers, especially on routers and other network device, have well-known default user credentials. In many cases, these default credentials are not changed by the administrator. An attacker might scan the network in order to discover such devices, and use these default credentials to lo...

2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/19 12:0 a.m.•4 views

Autodesk Design Review BMP biClrUsed Buffer Overflow

A heap-based buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to improper handling of biClrUsed field in a BMP file. A remote attacker could exploit these vulnerabilities by enticing the user to visit a maliciously crafted web-page or open a maliciously...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/19 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2937)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.06238EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/19 12:0 a.m.•14 views

F5 Multiple Products iControl iCall Script Privilege Escalation (CVE-2015-3628)

A privilege escalation vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of iCall scripts in incomming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to the serve...

9CVSS3.2AI score0.68483EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/01/18 12:0 a.m.•2 views

Adobe Acrobat and Reader Type Confusion (APSB17-01: CVE-2017-2962)

A type confusion vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file with an...

9.3CVSS8.3AI score0.09855EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/18 12:0 a.m.•12 views

Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2961)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.03953EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/18 12:0 a.m.•7 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2963)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted TIFF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF...

9.3CVSS8.5AI score0.03621EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/18 12:0 a.m.•4 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2960)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the image conversion engine, related to parsing of EXIF metadata. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.5AI score0.18545EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/17 12:0 a.m.•9 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2964)

A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted JPEG file...

9.3CVSS8.3AI score0.0333EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/17 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2936)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.06238EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/16 12:0 a.m.•6 views

VegaDNS axfr_get.php Command Injection

A command injection vulnerability exists in the axfrget.php script of VegaDNS. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could allow the attacker to execute arbitrary commands...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2931)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.7AI score0.21145EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2930)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.25064EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2932)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.24593EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•12 views

Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2955; CVE-2017-2958)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.09707EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•17 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2965)

A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted TIFF file...

9.3CVSS8.3AI score0.03216EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•12 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2939)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a file with malformed cross-reference table. A remote attacker may exploit this vulnerability by enticing a target user to open a special...

9.3CVSS8.5AI score0.02861EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•7 views

Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2951)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/15 12:0 a.m.•10 views

Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2956; CVE-2017-2957)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...

9.3CVSS8.9AI score0.03548EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2928)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.7AI score0.0502EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB17-02: CVE-2017-2926)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS4.8AI score0.09905EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•2 views

HTML File Containing Hidden Malicious JavaScript

A vulnerability exists in websites using Joomla or WordPress, allowing a malicious JavaScript file to open hidden content as a user browses the compromised website without the users knowledge .Attackers use this technique to improve search result ranking but may also use it as a stage in more...

0.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•9 views

Adobe Acrobat And Reader Use After Free (APSB17-01: CVE-2017-2950)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.3AI score0.04217EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•5 views

Adobe Flash Player Heap Buffer Overflow (APSB17-02: CVE-2017-2927)

heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.3AI score0.08861EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•9 views

Adobe Acrobat and Reader Security Bypass (APSB17-01: CVE-2017-2947)

A Security Bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

4.3CVSS7.2AI score0.06869EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•8 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2967)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.5AI score0.0333EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•14 views

GetGo Download Manager HTTP Response Header Buffer Overflow (CVE-2014-2206)

A remote code-execution vulnerability exists in GetGo Download Manager. The vulnerability is due to incorrectly handling the object header in a crafted file. A remote attacker can exploit this vulnerability by enticing the target user to download a file from a malicious server, potentially causin...

10CVSS3AI score0.6144EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2017/01/12 12:0 a.m.•12 views

Adobe Acrobat and Reader Out of Bounds Read (APSB17-01: CVE-2017-2946)

An out-of-bounds read vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to improper validation of embedded JPEG2000 images in a PDF document. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or a...

9.3CVSS8.2AI score0.24158EPSS
Exploits0
Total number of security vulnerabilities13538