Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/08/29 12:0 a.m.•15 views

WordPress Admin API Directory Traversal (CVE-2016-6896)

A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests...

5.5CVSS3.5AI score0.38445EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/08/28 12:0 a.m.•5 views

Web Server HTTP Request URL Injection (CVE-2014-8150)

A security bypass vulnerability exists in web servers. The vulnerability is due to an input validation error when handling a request's URL contains line feeds and carriage return...

4.3CVSS1.7AI score0.0681EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/25 12:0 a.m.•3 views

WordPress wSecure Lite Plugin Remote Command Execution

A remote code execution vulnerability exists in WordPress wSecure Lite Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/25 12:0 a.m.•2 views

Drupal RESTWS Module Page Callback Remote Code Execution

A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the web server process...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/25 12:0 a.m.•30 views

WebNMS Framework Server Arbitrary File Upload (CVE-2016-6600)

An Arbitrary File Upload vulnerability exists in WebNMS Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS4.9AI score0.9045EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/08/24 12:0 a.m.•16 views

PHP TAR File Parsing Uninitialized Reference (CVE-2016-4343)

An uninitialized reference vulnerability exists in PHP. A remote attacker can exploit this vulnerability by uploading a crafted TAR file to a vulnerable PHP application. A successful attack will result in remote code execution under the context of the service running PHP. Unsuccessful exploitatio...

6.8CVSS4.5AI score0.0421EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/24 12:0 a.m.•2 views

Joomla Sensitive Core Files Information Disclosure

An information disclosure vulnerability exists in multiple Joomla Plugins and themes. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...

2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/23 12:0 a.m.•6 views

FreeBSD bspatch Utility Remote Code Execution (CVE-2014-9862)

A remote code execution vulnerability has been reported in the bspatch utility in FreeBSD. The vulnerability is due to improper validation on the numbers of bytes to read from diff and extra stream values. A remote attacker can exploit this vulnerability by enticing the target user to download an...

7.2CVSS4.8AI score0.06762EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/22 12:0 a.m.•13 views

Cisco Prime Infrastructure and EPNM Deserialization Code Execution (CVE-2016-1291)

A vulnerability has been found in the web interface of Cisco Prime Infrastructure and Evolved programmable Network Manager EPNM. The vulnerability is due to insufficient sanitization of user supplied input to the web interface. A remote, unauthenticated attacker could exploit this vulnerability b...

9.3CVSS8.9AI score0.06769EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/08/21 12:0 a.m.•1 views

Fortinet Cookie Overflow Remote Code Execution (EGREGIOUSBLUNDER)

An overflow vulnerability exists in authentication cookie on Fortinet firewalls. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected system...

5.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/21 12:0 a.m.•13 views

Rockwell Automation MicroLogix Remote Code Execution (CVE-2016-5645)

A remote code execution vulnerability exists in Rockwell Automation MicroLogix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.9AI score0.29398EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/21 12:0 a.m.•4 views

Adobe Reader Memory Corruption (APSB16-26: CVE-2016-4204)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS3.8AI score0.17807EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/08/21 12:0 a.m.•5 views

Drupal Coder Module coder_upgrade.run.php Remote Code Execution

The vulnerability is due to improper input validation on user-supplied input. remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the proces...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/21 12:0 a.m.•9 views

PHP Exif_Process_User_Comment Null Pointer Dereference (CVE-2016-6292)

A denial of service vulnerability exists in the Exif module of PHP. The vulnerability is due to a null pointer dereference in exifprocessusercomment when trying to handle JIS encoded user comment Exif tags when multi-byte string support is enabled in PHP. A remote, unauthenticated attacker can...

4.3CVSS2AI score0.03907EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/18 12:0 a.m.•0 views

Weak Password Login Attempt Over Telnet

Telnet is an internet protocol that provides access to remote computers using a virtual terminal. A remote attacker may use an open Telnet service to run arbitrary code on the victim machine...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/18 12:0 a.m.•0 views

Command Injection Over Telnet

Telnet is an internet protocol that provides access to remote computers using a virtual terminal. A remote attacker may use an open Telnet service to run arbitrary code on the victim machine...

5.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/18 12:0 a.m.•3 views

Netsparker Web Scanner

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Netsparker to detect vulnerabilities on a target server...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/18 12:0 a.m.•10 views

Cisco ASA Disable Password Remote Code Execution (CVE-2016-6366)

A remote code execution vulnerability exists in Cisco ASA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

8.5CVSS5.2AI score0.87503EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/08/17 12:0 a.m.•3 views

WordPress Ninja Forms Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress Ninja Forms Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/17 12:0 a.m.•11 views

Adobe Acrobat and Reader Security Bypass (APSB16-14 : CVE-2016-1040)

A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

10CVSS3.6AI score0.05708EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/16 12:0 a.m.•0 views

WECON LeviStudio String Content Heap Buffer Overflow

The vulnerability is due to improper parsing of XML String Content attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project. Successful exploitation could allow the attacker to execute arbitrary code under the security...

4.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/16 12:0 a.m.•3 views

Drupal CODER Module Remote Code Execution

A code execution vulnerability exists in Drupal CODER Module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/16 12:0 a.m.•2 views

JexBoss Security Scanner

JexBoss is a vulnerability scanning product. Remote attackers can use JexBoss to detect vulnerabilities on a target server...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•67 views

Symantec Endpoint Protection Manager Cross Site Request Forgery (CVE-2016-3653)

A Cross Site Request Forgery vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could...

6CVSS3.2AI score0.01342EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•56 views

Symantec Endpoint Protection Manager Open Redirect Report-Routing Component (CVE-2016-5304)

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. A remote attacker could exploit these...

4.9CVSS4.8AI score0.04122EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/08/15 12:0 a.m.•74 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2016-3652)

A cross-site-scripting vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient input validation on user-supplied input. A remote attacker could exploit this vulnerability by enticing authenticated users to click on a crafted link...

3.5CVSS3.4AI score0.02552EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/08/14 12:0 a.m.•1 views

JavaScript TCP Windows Compromise Information Gathering

Several JavaScript implementations are used over HTTPS to gather information and analyzing TCP windows as used in SSL and TLS TCP Windows Compromise, also known as HEIST. Successful exploitation might result in disclosure of confidential or private information...

6.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/14 12:0 a.m.•25 views

HPE Data Protector EXEC_BAR domain Buffer Overflow (CVE-2016-2006)

A buffer overflow vulnerability has been found in the Omnilnet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the domain field in EXECBAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a...

10CVSS9.6AI score0.20412EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/14 12:0 a.m.•14 views

Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this...

7.5CVSS4.7AI score0.12768EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/10 12:0 a.m.•28 views

Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization (CVE-2016-3642)

An insecure deserialization vulnerability has been reported in Solarwinds Virtualization Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker...

10CVSS9.4AI score0.13268EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/08/10 12:0 a.m.•1 views

SolarWinds SRM Profiler RulesMetaData addNewRule SQL Injection

An SQL injection vulnerability exists in the SolarWinds Storage Manager Resource Monitor, Profiler Module. This vulnerability is due to insufficient validation of ScriptSchedule parameter in HTTP requests sent to the ScriptServlet servlet...

0.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3293)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could allow attackers to execute code on the...

7.6CVSS7.1AI score0.14732EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•7 views

Microsoft Windows Win32k Elevation of Privilege (MS16-098: CVE-2016-3308)

An out of bound memory access vulnerability was discovered within Microsoft Windows. The root cause is within win32kfull subsystem that performs an out of bound memory access leading to a heap memory corruption. A successful exploitation of this issue could allow an attacker to elevate his...

7.2CVSS3.4AI score0.06418EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•6 views

Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4139)

When calling window location toString or comparing window location toString is called an attacker can return arbitrary values. An attacker can make the applet believe that it is embedded inside the hosting page, by overriding window location toString. Hence, an attacker can call any method that i...

9.3CVSS1.8AI score0.0381EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•13 views

Microsoft Win32k Elevation of Privilege (MS16-098: CVE-2016-3310)

An elevation of privilege vulnerability exists in Windows Win32k. The vulnerability is caused when the graphical sub component fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS4.5AI score0.02628EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•34 views

Microsoft Office Memory Corruption (MS16-099: CVE-2016-3316)

A memory corruption vulnerability has been reported in Microsoft Word. The application fails to properly handle certain objects in memory when parsing specially crafted files with a large sprmSDyaTop value. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to op...

9.3CVSS3.7AI score0.47194EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•15 views

Microsoft Win32k Elevation of Privilege (MS16-098: CVE-2016-3311)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The defect is found in win32kfull sub component which results in an out of bounds memory access. A successful exploitation of this issue could allow an attacker to elevate his privileges on the system...

7.2CVSS4.2AI score0.01528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3289)

A use after free vulnerability was discovered within Microsoft Internet Explorer. The root cause comes from dll file triggering a use after free condition. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...

7.6CVSS4.6AI score0.17704EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3290)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...

7.6CVSS2.9AI score0.16428EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•16 views

Microsoft Office Memory Corruption (MS16-099: CVE-2016-3317)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is caused when Microsoft Office does not properly handle rich text format files in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file with an affected...

9.3CVSS7.7AI score0.22127EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•8 views

Microsoft Edge Use After Free (MS16-095: CVE-2016-3326)

A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...

2.6CVSS4AI score0.15846EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•13 views

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3322)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the mishandling of cached objects in complex webpages. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could allow attackers to execute...

7.6CVSS5.6AI score0.14006EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•15 views

Microsoft Edge PDF Remote Code Execution (MS16-096: CVE-2016-3319; CVE-2017-0291)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Edge improperly accesses objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

9.3CVSS7.5AI score0.20498EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•31 views

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3288)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page...

7.6CVSS5AI score0.51804EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•11 views

Microsoft Internet Explorer Information Disclosure (MS16-095: CVE-2016-3327)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer and Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page...

2.6CVSS0.7AI score0.14189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•19 views

Microsoft Internet Explorer Information Disclosure (MS16-095: CVE-2016-3321)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling URIs. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected...

1.9CVSS5.2AI score0.35331EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•15 views

Microsoft Office Memory Corruption (MS16-099: CVE-2016-3313)

A memory corruption vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS4.9AI score0.49831EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•27 views

Microsoft Graphics Component Memory Corruption (MS16-099: CVE-2016-3318; CVE-2017-8510)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted RTF files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file and ...

9.3CVSS7.8AI score0.22127EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•10 views

Microsoft Windows Win32k Elevation of Privilege (MS16-098: CVE-2016-3309)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS4.4AI score0.20625EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•33 views

Microsoft Windows Graphics Component Remote Code Execution (MS16-097: CVE-2016-3301; CVE-2016-3303)

A memory corruption vulnerability exists in Microsoft Windows GDI . The vulnerability is due to integer overflow vulnerability founded in the GDI shared library. An attacker can exploits this vulnerability in various ways through an .emf file...

9.3CVSS3.6AI score0.50506EPSS
Exploits2
Total number of security vulnerabilities13538