Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•14 views

Microsoft Win32k Elevation of Privilege (MS16-090 : CVE-2016-3252)

An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7AI score0.03828EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•12 views

Microsoft Office Memory Corruption (MS16-088: CVE-2016-3284)

A memory corruption vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error in the way Microsoft Office Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially...

9.3CVSS7.2AI score0.19641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•4 views

Microsoft Internet Explorer Memory Corruption (MS16-084 : CVE-2016-3243)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...

7.6CVSS8.5AI score0.13354EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•15 views

Microsoft Office Memory Corruption (MS16-088: CVE-2016-3280)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.19641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3241)

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.7AI score0.13354EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•9 views

Nagios XI Command Injection (CVE-2018-8735; CVE-2018-8736)

A Command Injection vulnerability exists in Nagios XI. Successful exploitation will result in arbitrary command execution with root privileges...

9CVSS5.7AI score0.64172EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•8 views

Microsoft Win32k Elevation of Privilege (MS16-090 : CVE-2016-3286)

An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.1AI score0.02531EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•9 views

Microsoft Scripting Engine Information Disclosure (MS16-085: CVE-2016-3271)

An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Ed...

4.3CVSS6.2AI score0.20869EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•18 views

Microsoft Windows Print Spooler Elevation of Privilege (MS16-087; CVE-2016-3239)

An elevation of privilege vulnerability exists in Windows Print Spooler. The vulnerability is caused when the Microsoft Windows Print Spooler service improperly allows arbitrary writing to the file system. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.5AI score0.01432EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•5 views

Microsoft Internet Explorer Information Disclosure (MS16-084 : CVE-2016-3261)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling certain javascript memory objects. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

2.6CVSS1.4AI score0.13431EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/11 12:0 a.m.•3 views

MIT Kerberos 5 kadmind KADM5_POLICY Denial of Service (CVE-2015-8630)

A denial-of-service vulnerability exists in the MIT Kerberos 5 kadmind service. The vulnerability is due to a NULL pointer dereference when processing policy value. A remote, authenticated user who has permission to modify a principal entry can exploit this vulnerability by sending maliciously...

5CVSS3.9AI score0.04291EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/10 12:0 a.m.•2 views

WhatWeb Web Scanner

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use WhatWeb to detect vulnerabilities on a target server...

2.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/10 12:0 a.m.•13 views

HPE Data Protector EXEC_BAR username Buffer Overflow (CVE-2016-2005)

A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the username field in EXECBAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to...

10CVSS9.7AI score0.20412EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/07 12:0 a.m.•0 views

WECON LeviStudio Stack Buffer Overflow

The vulnerability is due to improper parsing of XML HmiSet Type attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code under the securit...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/06 12:0 a.m.•3 views

EICAR AV test file

The EICAR Standard Anti-Virus Test File or EICAR test file is a computer file that was developed by the European Institute for Computer Antivirus Research EICAR and Computer Antivirus Research Organization CARO, to test the response of computer antivirus AV programs. Instead of using real malware...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/06 12:0 a.m.•5 views

GNU wget HTTP Redirect Arbitrary File Overwrite (CVE-2016-4971)

An arbitrary file overwrite vulnerability has been reported in the GNU wget. The vulnerability is due to wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request...

4.3CVSS0.5AI score0.45935EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2016/07/06 12:0 a.m.•24 views

LibreOffice RTF parser Use After Free (CVE-2016-4324)

A use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to invalid parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on th...

6.8CVSS5.9AI score0.02819EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/06 12:0 a.m.•2 views

Micro Focus Rumba WallData.Macro PlayMacro Memory Corruption

A buffer overflow vulnerability has been reported in the WallData.Macro ActiveX control of Micro Focus Rumba. The vulnerability is due to a lack of bounds checking on an argument passed into the PlayMacro function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...

4.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/05 12:0 a.m.•11 views

Symantec ZIP Decompression Memory Access Violation (CVE-2016-3646)

Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...

10CVSS9.5AI score0.17739EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/05 12:0 a.m.•3 views

Network Time Protocol Daemon crypto-NAK Denial of Service (CVE-2016-4957)

A denial of service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service...

5CVSS6.2AI score0.44936EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•1 views

SUN-RPC Programs Lookup - ver 2

SUN-RPC has a scanning interface. This mode may be used to gather information on a server, such as the services and applications running on it. This protection detects and blocks use of the SUN-RPC interface scanning...

1.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•6 views

Symantec PowerPoint Misaligned Stream Remote Stack Buffer Overflow (CVE-2016-2209)

Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect and missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...

9CVSS8.5AI score0.20891EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•15 views

Symantec Antivirus Engine ASPack Remote Memory Corruption (CVE-2016-2208)

A Memory Corruption vulnerability exist in the Symantec Antivirus Engine in ASPack early version. This vulnerability is due to incorrect parsing of executables packed by ASPack early version...

9.4CVSS6.4AI score0.19176EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•1 views

ESF pfSense squid_clwarn.php Cross Site Scripting

A cross-site scripting vulnerability has been reported in squid package of Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the url, source, user and virus variables in the squidclwarn.php page. By convincing a user to visit a malicious website, a...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•12 views

Symantec Integer Overflow in TNEF decoder (CVE-2016-3645)

Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...

10CVSS9.1AI score0.24614EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/04 12:0 a.m.•20 views

Symantec Antivirus Decomposer Engine dec2lha Library Remote Stack Buffer Overflow (CVE-2016-2210)

A stack buffer overflow vulnerability exist in the Symantec Antivirus Decomposer Engine dec2lha Library. This vulnerability is due to incorrect decompression of the LZH and LHA archives...

9CVSS8.6AI score0.11372EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/07/03 12:0 a.m.•8 views

Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives (CVE-2016-2211)

Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...

9.3CVSS9.2AI score0.53402EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/03 12:0 a.m.•8 views

Symantec Antivirus Multiple Remote Memory Corruption Unpacking RAR (CVE-2016-2207)

Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine...

10CVSS9.5AI score0.18101EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/30 12:0 a.m.•8 views

ImageMagick Insufficient Character Filtering Remote Code Execution (CVE-2016-3714)

A remote code execution vulnerability has been reported in ImageMagick. The vulnerability is due to insufficient characters filtering. A remote attacker may exploit this issue by uploading a specially crafted file. Successful exploitation would allow attackers to execute arbitrary code in the...

10CVSS6.2AI score0.97485EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2016/06/30 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1076)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing unintended memory in a specially crafted JPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPG file ...

10CVSS3.8AI score0.05825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/30 12:0 a.m.•31 views

Internet Explorer Malformed IFRAME Buffer Overflow - ver 2 (CVE-2004-1050)

Internet Explorer IE is a popular web browser developed by Microsoft corporation. A buffer overflow vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is in the way Microsoft Internet Explorer parses certain parameters of an IFRAME tag. An attacker can exploit this...

10CVSS7.5AI score0.67061EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/30 12:0 a.m.•15 views

Microsoft IIS 5.0 ISAPI Internet Printing Protocol Extension Buffer Overflow - ver 2 (CVE-2001-0241)

A buffer overflow in this extension IIS 5.0 can permit remote attackers to execute arbitrary code on the web server with the same privileges as the web server. The ISAPI .printer extension permits the submitting and controlling of print jobs over HTTP. There exists an unchecked buffer in the Host...

10CVSS7.7AI score0.87032EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2016/06/29 12:0 a.m.•2 views

ImageMagick Server Side Request Forgery (CVE-2016-3718)

A Server Side Request Forgery vulnerability exists in ImageMagick. A remote attacker may exploit this issue by making a specially crafted HTTP or FTP request. Successful exploitation would allow attackers to create HTTP or FTP requests on behalf of the vulnerable server...

4.3CVSS3AI score0.76897EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/29 12:0 a.m.•3 views

WordPress xmlrpc Weak Password Access Attempt

Sending a request to xmlrpc.php requires authentication. An attacker may attempt guessing passwords to the system while avoiding the admin login page...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/29 12:0 a.m.•5 views

ImageMagick Unauthorized File Moving (CVE-2016-3716)

An Unauthorized File Moving vulnerability exists in ImageMagick. A remote attacker may exploit this issue by using one of ImageMagick's pseudo protocols. Successful exploitation would allow attackers to move an uploaded file to a location where it might be later executed, resulting in remote...

4.3CVSS5.4AI score0.11338EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/06/29 12:0 a.m.•33 views

Microsoft Works and Office WkImgSrv.dll ActiveX Control Code Execution (CVE-2008-1898)

A vulnerability has been reported in Microsoft Works 7 and Microsoft Office 2003 and 2007. The vulnerability is due to a boundary error while handling an overly large argument. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that would pas...

9.3CVSS6.2AI score0.52033EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/06/29 12:0 a.m.•4 views

ImageMagick Pseudo Protocol Use Local Information Disclosure (CVE-2016-3717)

An Information Disclosure vulnerability exists in ImageMagick. A remote attacker may exploit this issue by using one of ImageMagick's pseudo protocols. Successful exploitation would allow attackers to read local files from the target user...

7.1CVSS3.4AI score0.2044EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/28 12:0 a.m.•8 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1084)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS4.1AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/28 12:0 a.m.•8 views

Adobe Reader Memory Corruption (APSB16-14: CVE-2016-1082)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS3.8AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/28 12:0 a.m.•7 views

Adobe Reader and Acrobat Information Disclosure (APSB16-14: CVE-2016-1080)

An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper handling of XML external entities. A remote attacker can exploit this issue by enticing a victim to open a specially crafted TIFF file...

10CVSS2.1AI score0.05825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/28 12:0 a.m.•6 views

Adobe Reader Memory Corruption (APSB16-14: CVE-2016-1083)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS3.8AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/28 12:0 a.m.•4 views

Adobe Reader and Acrobat Memory Corruption (APSB16-14: CVE-2016-1081)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of Adobe...

10CVSS3.6AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•10 views

Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1053)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.2AI score0.0641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•6 views

Adobe Acrobat and Reader Information Disclosure (APSB16-14: CVE-2016-1078)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS3.2AI score0.05825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•7 views

Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1052)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.2AI score0.0641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•7 views

Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1051)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.2AI score0.0641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•6 views

Adobe Acrobat and Reader Information Disclosure (APSB16-14: CVE-2016-1079)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

5CVSS3.2AI score0.10026EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•10 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1077)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS4.1AI score0.17411EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/06/27 12:0 a.m.•10 views

VideoCharge Software Watermark Master (CVE-2013-6935)

A stack based buffer overflow vulnerability was found in Watermark Master 2.2.23. The vulnerability is due to an error when Watermark Master improperly handles a specially crafted WCF file. Remote attackers can exploit this vulnerability and execute arbitrary code on the target machine by enticin...

9.3CVSS3.6AI score0.32351EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/26 12:0 a.m.•2 views

Apache Continuum Arbitrary Command Execution

A remote command injection vulnerability exists in Apache HTTP servers. By exploiting this vulnerability, a remote attacker can execute arbitrary code on the affected server...

4.4AI score
Exploits0
Total number of security vulnerabilities13538