Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•2 views

FreePBX Framework modulefunctions.class.php display SQL Injection

A SQL injection vulnerability exists in FreePBX. Successful exploitation could lead to arbitrary command execution on the affected system...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•0 views

FreePBX Framework Recordings Module Remote Command Execution

A remote command execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the Recordings module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page. Successful exploitation could lead to...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•10 views

Microsoft Windows Elevation of Privilege (MS16-111: CVE-2016-3373)

An elevation of privilege vulnerability exists in Microsoft Windows. A malicious user can bypass a security check in Windows to read and write registry hive files under a hidden registry hive which could enable an elevation of privilege. Successful exploitation could allow an attacker to run...

4.3CVSS6.6AI score0.17466EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3375; CVE-2017-11913)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling scripts. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way th...

7.6CVSS8.1AI score0.17016EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•10 views

Microsoft Browser Information Disclosure (MS16-104: CVE-2016-3351)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer and EDGE browsers. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an...

2.6CVSS5.5AI score0.26286EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•21 views

Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...

4.6CVSS7.1AI score0.01492EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•17 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3363)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS5.5AI score0.20203EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•9 views

Microsoft Windows Win32k Elevation of Privilege (MS16-106: CVE-2016-3348)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated privileges...

9.3CVSS7.6AI score0.13348EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3247)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer and Edge. The vulnerability is due to an out of bounds read when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

5.1CVSS8AI score0.71478EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•2 views

Adobe Flash Player Security Bypass (APSB16-29: CVE-2016-4271)

A security bypass vulnerability has been reported in Adobe Flash Player. This vulnerability is an instance of a sandbox escape vulnerability. The specific vulnerability exploits two uncommon ways of encoding an URI that lead to information leakage, effectively bypassing protections provided by th...

4.3CVSS1.5AI score0.04555EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•5 views

Adobe Flash Player Use After Free Code Execution (APSB16-29: CVE-2016-4272)

A memory corruption vulnerability exist in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS5.7AI score0.0604EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4282)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.04434EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•1 views

Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4284)

A memory corruption vulnerability exist in Adobe Flash Player. The vulnerability is caused by a crafted SWF file which causes an out of bounds memory access. A remote attacker can exploit this issue in order to trigger an access violation exception...

9.3CVSS3.5AI score0.04434EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4274)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.04434EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•17 views

Microsoft Windows PDF Library Remote Code Execution (MS16-080: CVE-2016-3203; CVE-2016-3370)

An out of bound memory access vulnerability exists within Microsoft Edge PDF reader and Windows PDF Library. The vulnerability is due to an error in evaluating the correct value of a buffer. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

9.3CVSS6.7AI score0.33337EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•17 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3364)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.18535EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3297)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that executes malicious...

6.8CVSS8.2AI score0.22573EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•13 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3359)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.17466EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•20 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3365)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS5.5AI score0.19867EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•7 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3381)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS5.5AI score0.14969EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•8 views

Microsoft Internet Explorer Elevation of Privilege (MS16-104: CVE-2016-3292)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

5.1CVSS5.8AI score0.07109EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•38 views

Microsoft Browser Information Disclosure (MS16-105 : CVE-2016-3325)

An out-of-bounds read vulnerability was discovered within Microsoft Edge. The vulnerability is due to an error in the way Microsoft Office improperly handles double response in the same buffered inputs. A remote attacker can exploit this issue by sending double response in the same buffered input...

2.6CVSS5.9AI score0.53914EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•21 views

Microsoft Edge Memory Corruption (MS16-105: CVE-2016-3377)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in...

7.6CVSS8AI score0.16166EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•10 views

Microsoft Edge Memory Corruption (MS2016-08: CVE-2016-3294)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.14238EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•9 views

Adobe Flash Player Use After Free (APSB16-29: CVE-2016-4279)

This vulnerability is an instance of a use after free vulnerability. A constraint for exploitation of this vulnerability is that the memory area of the freed object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access...

10CVSS3AI score0.0604EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•15 views

Microsoft Windows GDI Component Information Disclosure (MS16-106: CVE-2016-3355)

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious executable file. Successful exploitation of this issue can lead to...

7.2CVSS6.7AI score0.02331EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•27 views

Schneider Electric SoMachine HVAC AxEditGrid ActiveX Untrusted Pointer Dereference (CVE-2016-4529)

The vulnerability is due to a dereference of user-supplied SetDataIntf parameter value as a function pointer within the AxEditGrid ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to open a specially crafted web page. Successful...

7.5CVSS2AI score0.04989EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•15 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3360)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.17235EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•19 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3357)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.54809EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•13 views

Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3295)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

5.1CVSS8.1AI score0.14985EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•16 views

Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3324)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...

6.8CVSS8.5AI score0.28334EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•8 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3362)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS5.5AI score0.17466EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•20 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3358)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.18434EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•24 views

Micro Focus GroupWise Post Office Agent Integer Overflow (CVE-2016-5762)

An integer overflow vulnerability leading to a heap-based buffer overflow exists in the Post Office Agent component of Micro Focus GroupWise. The vulnerability is due to insufficient validation of usernames and passwords submitted to the Post Office Agent. A successful attack could result in...

7.5CVSS3.2AI score0.05726EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•24 views

Microsoft Windows Elevation of Privilege (MS16-111: CVE-2016-3306)

An elevation of privilege vulnerability exists in Microsoft Windows Server. The vulnerability is caused when Microsoft Windows fails to handle executable programs being ran by two users. A remote attacker can exploit this issue by enticing a victim to run a specially crafted file...

4.6CVSS7.3AI score0.0221EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•13 views

Microsoft Windows PDF Library Information Disclosure (MS16-115: CVE-2016-3374)

An out of bounds memory access vulnerability exists within Microsoft Edge and Windows PDF Library. The vulnerability is due to an error in parsing a malformed PDF document. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

4.3CVSS6.4AI score0.25847EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/09/12 12:0 a.m.•1 views

Repetitive SMB Rename Command Attempts

Ransomwares access shared folder in order to encrypt files. Successful exploitation might lead to loss of sensitive data...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/12 12:0 a.m.•1 views

Microsoft Word Document Malicious Known Downloaders

Microsoft Office files might contain malicious downloaders. A remote attacker could send spam e-mails including such downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...

3.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/12 12:0 a.m.•8 views

Canon IR-ADV Password Extractor

An authentication bypass vulnerability exists in Canon IR-ADV. A remote attacker can exploit this vulnerability by extracting the passwords from address books on various Canon IR-Adv mfp devices...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/12 12:0 a.m.•2 views

Suspicious Web Page Phishing Attempt

Phishing URL attacks attempt to acquire a victim's credentials to well-known sites. The attacker uses embedded redirection links in order to gain the victim's account information...

3.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/07 12:0 a.m.•1 views

IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)

A denial-of-service vulnerability has been reported in IBM WebSphere Application Server. The vulnerability is due to improper validation of SIP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SIP messages to the target server. Successful exploitation...

4.3CVSS3.4AI score0.39584EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/05 12:0 a.m.•1 views

WECON LeviStudio Address Name Heap Buffer Overflow

The vulnerability is due to improper parsing of XML Address Name attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project. Successful exploitation could allow the attacker to execute arbitrary code under the security...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/05 12:0 a.m.•2 views

ManageEngine OpManager APMIntegBusinessViewHandler OPM_BVNAME SQL Injection

This vulnerability is due to insufficient validation of the OPMBVNAME parameter when processing requests sent to APMIntegBusinessViewHandler servlet. A remote, unauthenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/05 12:0 a.m.•5 views

Linux Kernel x86-64 IA32SysCall Privilege Escalation (CVE-2010-3301)

An old vulnerability has been reintroduced in certain versions of the Linux Kernel that could be exploited by local unprivileged users to elevate their default system designated privileges to the higher kernel level privileges. The vulnerability is due to an error that kernel does not zero-extend...

7.2CVSS3.4AI score0.03818EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/31 12:0 a.m.•2 views

Trend Micro IWSVA Command Injection

A command injection vulnerability has been reported in Trend Micro Interscan Web Security. This vulnerability exists due to improper validation of the HTTP request parameters when processing requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/31 12:0 a.m.•17 views

MOXA MediaDBPlayback ActiveX Control Buffer Overflow (CVE-2010-4742)

A buffer overflow vulnerability exists in MOXAActiveXSDK. The vulnerability is due to mishandling an overly long string. Remote attackers can exploit this vulnerability by enticing a target user to open a specially crafted web page with an embedded media file...

10CVSS6AI score0.5637EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/08/30 12:0 a.m.•1 views

Ransomware Shared Folder Access

Ransomwares access shared folder in order to encrypt files. Successful exploitation might lead to loss of sensitive data...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/30 12:0 a.m.•1 views

Phishing URL Attack Attempt

Phishing URL attack attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. The attacker uses embedded redirection links in order to gain the victim's account information...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/30 12:0 a.m.•16 views

Moxa SoftCMS CGI Program SQL Injection (CVE-2016-5792)

A SQL injection vulnerability has been reported in Moxa SoftCMS. The vulnerability is due to insufficient input validation on user supplied input. A remote attacker can exploit this vulnerability by providing a crafted input to the product. Successful exploitation would allow the attacker to...

7.5CVSS3.5AI score0.03037EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/29 12:0 a.m.•5 views

WordPress dl-skin.php Arbitrary File Download

An arbitrary file download vulnerability exists in dl-skin.php file. A remote attacker might gain access to arbitrary files using a specially crafted HTTP request...

2.5AI score
Exploits0
Total number of security vulnerabilities13538