Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/06/26 12:0 a.m.•1 views

Hmap Web-Server Fingerprint Tool

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Hmap web application fingerprint tool to detect vulnerabilities on a target server...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/26 12:0 a.m.•2 views

Suspicious Webpage JavaScript Downloader

Certain malicious executable files can be hidden using js downloader file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/23 12:0 a.m.•15 views

Apache Struts REST plugin Remote Code Execution (CVE-2016-4438)

A Remote Code Execution vulnerability exists in Apache Struts REST plugin. By sending a request containing a specially crafted expression, a remote attacker can exploit this vulnerability in order to execute arbitrary code on an Apache server...

7.5CVSS9.6AI score0.17171EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/06/23 12:0 a.m.•55 views

Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)

A code execution vulnerability exists in Apache Struts. The vulnerability is due the way the OGNL expressions are processed when DMI is enabled and the REST plugin is used. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitatio...

7.5CVSS4AI score0.81087EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/22 12:0 a.m.•22 views

Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)

A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a use...

4.3CVSS3.5AI score0.02291EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/06/21 12:0 a.m.•7 views

Adobe Acrobat and Reader Use After Free (APSB16-14: CVE-2016-1050)

A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Acrobat and Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...

10CVSS3.8AI score0.07394EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/21 12:0 a.m.•9 views

Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1046)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.2AI score0.0641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/20 12:0 a.m.•4 views

NewsGator FeedDemon Stack Buffer Overflow (CVE-2009-0546)

This module exploits a buffer overflow vulnerability in FeedDemon. When the application is used to import a specially crafted opml file, a buffer overflow occurs allowing arbitrary code execution...

9.3CVSS6.3AI score0.36511EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/06/20 12:0 a.m.•19 views

Apple QuickTime FPX File Parsing Memory Corruption (CVE-2016-1767)

A memory corruption vulnerability exists in Apple QuickTime. The vulnerability is due to improper parsing of FlashPix files. A remote attacker may exploit this vulnerability by enticing a victim into opening a crafted FlashPix file...

6.8CVSS4.3AI score0.0525EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/06/20 12:0 a.m.•12 views

Apple QuickTime PSD File Parsing Memory Corruption (CVE-2016-1769)

A memory corruption vulnerability exists in Apple QuickTime. The vulnerability is due to improper parsing of Photoshop files. A remote attacker may exploit this vulnerability by enticing a victim into opening a crafted PSD file. Successful exploitation could lead to arbitrary code execution under...

6.8CVSS5.4AI score0.0525EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4141)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted JPEG-XR file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted JPEG-XR file...

9.3CVSS4.8AI score0.0381EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•9 views

Adobe Acrobat and Reader Use-After-Free (APSB16-14: CVE-2016-1045)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.2AI score0.0641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•1 views

Nagios XI Incident Manager Integration Component SQL Injection

A SQL injection vulnerability has been reported in the Nagios Incident Manager IM integration component of Nagios XI. The vulnerability is due to insufficient parameter validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a special...

1.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•8 views

Adobe Flash Player Buffer Overflow (APSB16-18: CVE-2016-4138)

A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted ATF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ATF file...

10CVSS5.4AI score0.25419EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB16-18: CVE-2016-4142)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.0381EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•71 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...

6.4CVSS1.7AI score0.92719EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/06/19 12:0 a.m.•8 views

Adobe Flash Player Memory Corruption (APSB16-18: CVE-2016-4137)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted ATF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ATF file...

9.3CVSS4.8AI score0.16385EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•15 views

Shopware getTemplateName Local File Inclusion (CVE-2016-3109)

A local file inclusion vulnerability has been reported in Shopware. This vulnerability is due to insufficient input validation in the getTemplateName method. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitati...

10CVSS3.4AI score0.28217EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•11 views

Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1039)

A security bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a specially crafted PDF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...

10CVSS5.1AI score0.06293EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•4 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1073)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS4.1AI score0.05825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•3 views

Microsoft Office Files Containing Malicious VBScript Downloader

Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•20 views

Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)

A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...

4.3CVSS6.3AI score0.03065EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•10 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1072)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

10CVSS4.1AI score0.05804EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/16 12:0 a.m.•17 views

Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)

A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...

4.3CVSS6.4AI score0.03203EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/15 12:0 a.m.•11 views

Squid Proxy ESI Component Stack Buffer Overflow (CVE-2016-4054)

A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes ESI component of the Squid proxy. The vulnerability is due to improper handling of ESI response packets. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the target...

6.8CVSS4.6AI score0.77559EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/15 12:0 a.m.•18 views

Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)

A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...

4CVSS5.5AI score0.56314EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/06/15 12:0 a.m.•4 views

Squid Squoison Host Header Cache Poisoning (CVE-2016-4553)

A cache poisoning vulnerability exists in Squid proxy when configured as a transparent proxy. The flaw is caused by improper inspection of the Host header against the URI in the HTTP request line. An attacker can exploit this flaw by sending a crafted request to some website through the proxy...

5CVSS0.5AI score0.79969EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/15 12:0 a.m.•10 views

Adobe Flash Player Memory Corruption (APSA16-03: CVE-2016-4171)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.19903EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•0 views

Schneider Electric HMI Denial Of Service Tool

Schneider Electric HMI DoS Tool is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

1.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•43 views

Microsoft Windows ATMFD.DLL Elevation of Privilege (MS16-074: CVE-2016-3220)

An out of bound memory access vulnerability exists in Microsoft Windows ATMFD.DLL. The root cause is within atmfd.dll sub components that miscalculate indices to an array when dealing with a specially crafted ttf file. A successful exploitation could allow an attacker to run arbitrary code with...

6.9CVSS6.7AI score0.06976EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•10 views

Microsoft Win32k Elevation of Privilege (MS16-073: CVE-2016-3221)

A null pointer dereference vulnerability exists in Microsoft Windows. The root cause comes from win32k sub component when handling desktop creation. If successfully exploited, an attacker could elevate his privileges on the local system...

6.9CVSS7.2AI score0.0595EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•10 views

Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1038)

A security bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in handling trusted JavaScript functions. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

10CVSS1.8AI score0.0697EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3210)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory...

9.3CVSS8.8AI score0.21862EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-070: CVE-2016-0025)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.3AI score0.16722EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1074)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat's Universal 3D Engine. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

10CVSS4.7AI score0.0615EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•20 views

Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1044)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...

10CVSS3.5AI score0.06911EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•20 views

Schneider Electric Magelis HMI Advanced Panel Remote Denial Of Service (CVE-2016-8367; CVE-2016-8374)

A denial of service vulnerability exists in Schneider Electric Magelis HMI Advanced Panel, AKA Panelshock. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This...

7.8CVSS2.6AI score0.04301EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•10 views

Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3199)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

9.3CVSS8.8AI score0.2659EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•22 views

Microsoft Office Information Disclosure (MS16-070: CVE-2016-3234)

An out of bound memory access vulnerability was discovered within Microsoft office word. The root cause comes from wwlib.dll sub components that could lead to an out of bound memory read when processing a malformed rtf document...

4.3CVSS5.5AI score0.26488EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•12 views

Microsoft Windows PDF Library Information Disclosure (MS16-080: CVE-2016-3215)

A vulnerability exists in Microsoft EDGE and Windows PDF Library that could lead to an out of bound memory access. The root cause of this vulnerability is an error when parsing a malformed JPEG2000 image header embedded within the PDF document. A successfully exploitation of this issue could allo...

4.3CVSS6.4AI score0.33569EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•30 views

Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3222)

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...

9.3CVSS8.7AI score0.56767EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3206)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bound write access. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would...

7.6CVSS8.1AI score0.1466EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•13 views

Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)

An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...

6.4CVSS1.6AI score0.50888EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•5 views

Microsoft Internet Explorer XSS Filter Bypass (MS16-063: CVE-2016-3212)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the JS prevents an object from loading. A remote attacker can exploit this issue by enticing a user to open a specific web-page with a relevant query on an affected version of Internet...

4.3CVSS7.7AI score0.10153EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•7 views

Microsoft Office Memory Corruption (MS16-070: CVE-2016-3233)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.3AI score0.14825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•52 views

Microsoft Windows Win32k Elevation of Privilege (MS16-074: CVE-2016-3219)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on disk. A successful exploitation could allow an attacker to run arbitrary code with elevated...

6.9CVSS6.9AI score0.06129EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•8 views

Microsoft Edge Security Feature Bypass (MS16-068: CVE-2016-3198)

A vulnerability was discovered within Mirosoft EDGE that could allw security feature bypass. The vulnerability could allow an attacker to bypass the Content Security Policy CSP...

4.3CVSS7.3AI score0.32484EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Use After Free Code Execution (APSB16-14: CVE-2016-1075)

A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...

10CVSS4AI score0.06464EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•30 views

Microsoft Office winword Information Disclosure (MS16-074: CVE-2016-3216)

An out of bound read vulnerability exists within Microsoft Office winword application. The problem is caused by improper parsing of the EMF files. A successfull exploitation of the issue would allow an attacker to perform sensitive information disclosure that could be used to bypass some exploit...

4.3CVSS5.2AI score0.24988EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS16-063: CVE-2016-3207)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.17401EPSS
Exploits0
Total number of security vulnerabilities13538