Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7276)

An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an improper handling of malformed embedded fonts. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

5.8CVSS6.3AI score0.25082EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•6 views

Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7870)

A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.8CVSS5.3AI score0.10701EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS16-144: CVE-2016-7279)

A remote code execution vulnerability exists in Internet Explorer and Microsoft Edge. The vulnerability is due to the way scripting engine renders when handling objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected...

7.6CVSS8.1AI score0.15497EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•7 views

Microsoft Office OLE DLL Side Loading (MS16-148: CVE-2016-7275)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused due to an incorrect link to a dynamic-link library file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file which will lead to arbitrary code execution...

7.2CVSS8.2AI score0.01417EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•8 views

Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7879)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

6.8CVSS3.7AI score0.07679EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7869)

A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.8CVSS5.3AI score0.11071EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•8 views

Microsoft Windows Win32k Elevation of Privilege (MS16-151: CVE-2016-7259)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation...

7.2CVSS7.4AI score0.02137EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•2 views

Microsoft Internet Explorer Memory Corruption (MS16-144: CVE-2016-7283)

An out-of-bounds read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause...

9.3CVSS8.4AI score0.17793EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•10 views

Microsoft Windows GDI Information Disclosure (MS16-146: CVE-2016-7257)

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious presentation file. Successful exploitation of this issue can lead to...

4.3CVSS6.3AI score0.225EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•12 views

Microsoft Windows CLFS Driver Information Disclosure (MS16-153: CVE-2016-7295)

An elevation of privilege vulnerability exists in the Windows Common Log File System CLFS driver of Microsoft Windows. The vulnerability is due to the way Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run processes in an elevated...

2.1CVSS5.6AI score0.02712EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•15 views

Microsoft Windows Graphics Remote Code Execution (MS16-146: CVE-2016-7272)

A remote code execution vulnerability exists in Microsoft Windows Graphics. The vulnerability is due to the improper handling of objects in the memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

9.3CVSS8.5AI score0.39261EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•11 views

Microsoft Windows Installer Elevation of Privilege (MS16-149: CVE-2016-7292)

An elevation of privilege vulnerability exists in the Windows Installer. The vulnerability is due to the Windows Installer failing to properly sanitize input leading to an insecure library loading behavior. A attacker could run arbitrary code with elevated system privileges...

7.2CVSS5.1AI score0.01459EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•8 views

Microsoft Edge Security Feature Bypass (MS16-145: CVE-2016-7282)

security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge implements Address Space Layout Randomization ASLR.A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsof...

4.3CVSS7AI score0.10321EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•7 views

Microsoft Windows Crypto Driver Information Disclosure (MS16-149: CVE-2016-7219)

An information disclosure vulnerability has been reported in Windows Crypto driver running in kernel mode improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system...

2.1CVSS5.3AI score0.03426EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•14 views

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7264)

An information disclosure vulnerability exists within Microsoft Office. The vulnerability occurs due to an out-of-bound memory read as a result of an uninitialized variable, and could be used to disclose the memory content. A remote attacker can exploit this issue by enticing a victim to open a...

5.8CVSS6.4AI score0.23211EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•9 views

Microsoft Office Memory Corruption (MS16-148: CVE-2016-7277)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS8.6AI score0.17968EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•5 views

Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7868)

A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.8CVSS5.3AI score0.11022EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•12 views

Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7284)

An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error in Internet Explorer. Successful exploitation of this issue can lead to information disclosure...

4.3CVSS5.4AI score0.14972EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•22 views

Microsoft Office Security Feature Bypass (MS16-148: CVE-2016-7262)

A security feature bypass vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this vulnerability by enticing a victim to open a specially...

6.8CVSS7.3AI score0.58204EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•13 views

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7265)

An information disclosure vulnerability was discovered within Microsoft Office. The vulnerability is due to reading out of bound memory due to an uninitialized variable which could disclose the contents of memory. A remote attacker can exploit this issue by enticing a victim to open a specially...

5.8CVSS6.3AI score0.22571EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•13 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7202)

A buffer overrun vulnerability exists in Microsoft Edge and Microsoft Internet Explorer. The vulnerability is due to the way JavaScript engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web...

7.6CVSS2.3AI score0.73289EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•16 views

Microsoft Windows Uniscribe Remote Code Execution (MS16-147: CVE-2016-7274)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted ttf file...

9.3CVSS4.3AI score0.42488EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•14 views

Microsoft Browser Information Disclosure (MS16-145: CVE-2016-7280)

An information disclosure vulnerability was discovered in Microsoft Edge. The vulnerability is due to an improper content validation under specific conditions in Microsoft Browser XSS Filter. An attacker who exploited the vulnerability could run arbitrary JavaScript that could lead to an...

4.3CVSS5.7AI score0.09392EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•8 views

Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)

A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...

7.6CVSS8AI score0.70354EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•20 views

Microsoft Internet Explorer Information Disclosure (MS16-144: CVE-2016-7278)

An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer do not properly handle objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

2.6CVSS2.1AI score0.14665EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•10 views

Microsoft Browser Scripting Engine Memory Corruption (MS16-145: CVE-2016-7287)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS4AI score0.68884EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/12 12:0 a.m.•4 views

PDF Shaper Conversion Buffer Overflow

A buffer overflow vulnerability exists in PDF Shaper. The vulnerability is due to improper handling of file conversion. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/11 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7873)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.7AI score0.04978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/08 12:0 a.m.•8 views

Memcached process_bin_sasl_auth Integer Underflow (CVE-2016-8706)

An integer underflow vulnerability exists in the Memcached binary protocol. This vulnerability is due to a lack of bounds checking in the processbinsaslauth function. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached that can le...

6.8CVSS5.5AI score0.45703EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/12/08 12:0 a.m.•18 views

WordPress Symposium Plugin SQL Injection (CVE-2015-6522)

An SQL injection vulnerability exists in the WordPress Symposium Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

7.5CVSS4.3AI score0.74127EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/12/08 12:0 a.m.•1 views

WordPress Answer My Question Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress Answer My Question Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/07 12:0 a.m.•9 views

Memcached process_bin_append_prepend Integer Overflow (CVE-2016-8704)

An integer overflow vulnerability exists in memcached. This vulnerability is due to a lack of bounds checking in the processbinappendprepend function while processing commands that append or prepend data to existing key-value pairs. A remote unauthenticated attacker can exploit these...

7.5CVSS6.5AI score0.23173EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/12/07 12:0 a.m.•5 views

ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)

A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to a flaw processing recursive DNAME responses that can cause the target resolver to crash. A remote, unauthenticated attacker could exploit this vulnerability against DNS servers that perform recursive...

5CVSS3.4AI score0.38733EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/06 12:0 a.m.•2 views

Malicious Embedded Flash Downloader

Several Exploit Kits landing pages embed malicious Flash files. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

5.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/06 12:0 a.m.•6 views

OpenSSL tls_get_message_body Function init_msg Structure Use After Free (CVE-2016-6309)

A use-after-free vulnerability has been reported in the tlsgetmessagebody function of OpenSSL. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the vulnerable server. Successful exploitation allows the attacker to execute arbitrary code on the...

10CVSS4.3AI score0.70223EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/06 12:0 a.m.•19 views

Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)

A script injection and execution vulnerability has been reported in Movable Type. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary Perl code and SQL commands on the affected system...

7.5CVSS4.4AI score0.45201EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/12/01 12:0 a.m.•1 views

FFmpeg mov_read_keys Integer Overflow (CVE-2016-5199)

An integer overflow vulnerability exists in FFmpeg. The vulnerability is due to an integer overflow while processing a media file containing a metadata keys atom with a malicious entrycount value. Successful exploitation of the vulnerability can possibly lead to remote code execution...

6.8CVSS5.8AI score0.01367EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/01 12:0 a.m.•4 views

Mozilla Multiple Products Remote Code Execution (CVE-2016-9079; CVE-2017-5375)

A remote code execution vulnerability exists in multiple Mozilla products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.87598EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2016/12/01 12:0 a.m.•3 views

Eir D1000 Routers Remote Code Execution

A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device...

6.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/30 12:0 a.m.•4 views

NodCMS edit_lang_file PHP Code Execution

An arbitrary PHP code execution vulnerability exists in NodCMS . The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/29 12:0 a.m.•6 views

Memcached process_bin_update body_len Integer Overflow (CVE-2016-8705)

An integer overflow vulnerability exists in memcached. This vulnerability is due to an integer overflow in the processbinupdate function while processing multiple commands and the bodylen parameter of a Memcached binary protocol packet. A remote unauthenticated attacker can exploit these...

7.5CVSS5.1AI score0.19854EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/11/28 12:0 a.m.•9 views

Java Applet Method Handle Remote Code Execution (CVE-2012-5088)

A code execution vulnerability has been reported in Oracle's Java and JRE. The vulnerability is due to improper use of the Method Handle class. A remote attacker may exploit this issue by enticing a target user to open a specially crafted Java applet which can enable an attacker to execute...

10CVSS3.7AI score0.78696EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/11/27 12:0 a.m.•12 views

FreePBX callmenum Remote Code Execution (CVE-2012-4869)

FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...

7.5CVSS3.4AI score0.70252EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/11/24 12:0 a.m.•1 views

SVG Javascript Nemucod Downloader

SVG file may contain a malicious JavaScript downloader. A successful implementation might result in the browser running arbitrary code on the infected system...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/24 12:0 a.m.•2 views

Joomla Suspicious File Upload

Multiple vulnerabilities exist in Joomla, allowing a remote attacker to upload a malicious file. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...

4.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/23 12:0 a.m.•1 views

ShadowGate Redirector

ShadowGate is an initial redirection point for exploit kits. Exploit Kits operate by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/23 12:0 a.m.•11 views

GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)

A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarchscan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution...

6.5CVSS6AI score0.53706EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/23 12:0 a.m.•7 views

NTP Daemon _IO_str_init_static_internal Denial of Service (CVE-2016-7434)

A denial of service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to a null pointer dereference in the IOstrinitstaticinternal function. A remote attacker can exploit this vulnerability by sending a crafted packet to the target service. Successful...

4.3CVSS3AI score0.52935EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/11/21 12:0 a.m.•3 views

Social Media Infected Image File (ImageGate)

A vulnerability exists in a web kit used by major web servers. A malicious code may be embedded in an image file. Specially crafted HTTP request is later used to manipulate a web client into executing the embedded code...

2.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/21 12:0 a.m.•9 views

Distinct TFTP Writable Directory Traversal Execution (CVE-2012-6664)

A vulnerability exists in Distinct TFTP servers. The software contains a directory traversal vulnerability that allows authorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the...

5.7AI score0.29539EPSS
Exploits2
Total number of security vulnerabilities13538