Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
added 2016/05/30 12:0 a.m.2 views

ESF pfSense status_rrd_graph_img.php Command Injection

A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to statusrrdgraphimg.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the statusrrdgraphimg.php URI...

2.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/30 12:0 a.m.3 views

WordPress CSV Import Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress CSV Import Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/30 12:0 a.m.29 views

SolarWinds SRM Profiler SQL Injection (CVE-2016-4350)

An SQL injection vulnerability has been reported in SolarWinds Storage Manager Resource Monitor, Profiler Module. This vulnerability is due to insufficient validation in several parameters when processing HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending ...

10CVSS1.6AI score0.70167EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/29 12:0 a.m.7 views

GD Library libgd gd_gd2.c Heap Buffer Overflow (CVE-2016-3074)

A heap buffer overflow vulnerability has been reported in libgd. The vulnerability is due to a signedness error that leads to a heap buffer overflow. Libgd is included within PHP. A remote attacker can exploit this flaw having the target process a crafted malicious GD2 file...

7.5CVSS2.5AI score0.36974EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2016/05/29 12:0 a.m.3 views

Diasoft File Replication Pro ExecCommand Command Execution

A command execution vulnerability exists in Diasoft File Replication Pro. This is due to exposure of the dangerous remote procedure call feature. A remote attacker can exploit this vulnerability by simply calling the ExecCommand RPC API...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/29 12:0 a.m.17 views

Magento API unserialize Remote Code Execution (CVE-2016-4010)

A remote code execution vulnerability exists in the e-commerce platform Magento. The vulnerability is due to deserialization of attacker controlled objects via the checkout API. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted Web API request to the target...

7.5CVSS4.5AI score0.92869EPSS
Exploits10
Check Point Advisories
Check Point Advisories
added 2016/05/29 12:0 a.m.18 views

Flexera FlexNet Publisher License Server Buffer Overflow (CVE-2015-8277)

Two buffer overflow vulnerabilities have been discovered in the FlexNet Publisher license server manager. These vulnerabilities are due to improper bounds checking in a custom strncpy function when handling requests received over the network. An attacker could leverage these vulnerabilities by...

10CVSS9.8AI score0.28677EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/26 12:0 a.m.13 views

Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...

9CVSS3.5AI score0.82697EPSS
Exploits23
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.0 views

Suspicious Link Redirection JavaScript Phishing Attempt

Several phishing campaigns use embedded redirection links in order to lure the victim user to download malicious files. Successful exploitation could result in arbitrary code running on the victim machine when the malicious file is opened...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.3 views

Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1098)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.6CVSS4.4AI score0.09561EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.5 views

Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1099)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.6CVSS4.4AI score0.09561EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.2 views

Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1100)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.6CVSS4.4AI score0.09561EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.3 views

Adobe Flash Player Buffer Overflow (APSB16-15; CVE-2016-1101; CVE-2016-1102; CVE-2016-1103; CVE-2016-1104)

A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.6CVSS5.2AI score0.39645EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2016/05/25 12:0 a.m.5 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1097)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.08382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.1 views

WordPress WP Advanced Comment Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress WP Advanced Comment Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.5 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1109)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.08382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.1 views

Trend Micro Antivirus Password Manager Code Injection

A code injection vulnerability exists in the Trent Micro Password Manager. The vulnerability is due to the Nodejs server incorrectly validating HTTP requests to the "/api/showSB" URI. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.8 views

Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection (CVE-2016-2002)

A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. The vulnerability is due to insufficient input sanitation. A remote, unauthenticated attacker may exploit this vulnerability by sending a crafted HTTP request. Successful exploitation...

10CVSS2.8AI score0.03086EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.17 views

Novell Service Desk clientImportUploadForm Directory Traversal (CVE-2016-1593)

A directory traversal vulnerability exists in Novell Service Desk. The vulnerability is due to an input validation error when accepting user uploaded files via the clientImportUploadForm form. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the...

6.5CVSS2.5AI score0.64142EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.18 views

Adobe Acrobat And Reader Double-Free (APSB16-02: CVE-2016-1111)

A double-free vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

6.8CVSS8.7AI score0.05367EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.4 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1110)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.08382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.3 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-4108)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.37716EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.2 views

WordPress FAQ WD Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress FAQ WD Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.2 views

WordPress SP Projects and Document Manager Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress SP Projects and Document Manager Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.2 views

WordPress Robo Gallery Plugin remote Code Execution

A code execution vulnerability exists in WordPress Robo Gallery Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.37 views

Advantech WebAccess SCADA Dashboard Arbitrary File Upload (CVE-2016-0854)

An arbitrary file upload vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the uploadImageCommon, uploadFile or uploadBannerImage methods in the UploadAjaxAction script. A remote, unauthenticated...

10CVSS9.5AI score0.77044EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.4 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1108)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.08382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.3 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1106)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.37213EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.3 views

Adobe Flash Player Memory Corruption (APSB16-15: CVE-2016-1096)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.6CVSS4.4AI score0.39645EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.9 views

Adobe Flash Player Type Confusion (APSB16-15: CVE-2016-1105)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

7.6CVSS3.1AI score0.37716EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/05/24 12:0 a.m.6 views

Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-1107)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

7.6CVSS3.5AI score0.08382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/23 12:0 a.m.59 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

8.3CVSS1.7AI score0.94104EPSS
Exploits10
Check Point Advisories
Check Point Advisories
added 2016/05/22 12:0 a.m.8 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1086)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/22 12:0 a.m.17 views

Apache Struts XSLTResult File Inclusion (CVE-2016-3082)

A file inclusion vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to a failure to validate user's input when stylesheet is being passed as a request parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...

10CVSS8.8AI score0.20167EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/21 12:0 a.m.6 views

Adobe Acrobat And Reader Memory Corruption (APSB16-14: CVE-2016-1116)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5AI score0.03716EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/19 12:0 a.m.6 views

Squid HTTP Response Processing Denial of Service (CVE-2016-3948)

The vulnerability is due to improper bounds checking while processing HTTP responses. A remote, unauthenticated attacker can exploit this vulnerability by returning crafted HTTP responses to the vulnerable proxy server. Successful exploitation of the vulnerability could lead to denial-of-service...

5CVSS1.5AI score0.35265EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/19 12:0 a.m.11 views

Adobe Acrobat and Reader Memory Corruption (APSB16-14: CVE-2016-1037)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5AI score0.03737EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/18 12:0 a.m.15 views

WordPress Core Flash File Same-Origin Method Execution (CVE-2016-4566)

A same-origin method execution vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS6AI score0.05361EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/17 12:0 a.m.9 views

ISC BIND rndc Control Channel Assertion Failure Denial of Service (CVE-2016-1285)

A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improper handling of packets sent to rndc control channel interface. A remote, unauthenticated attacker could exploit this vulnerabilities by sending a maliciously crafted packet to the rndc control channel interfa...

4.3CVSS2.7AI score0.59143EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/17 12:0 a.m.15 views

WordPress Core Flash File Cross-Site Scripting (CVE-2016-4567)

A cross-site scripting vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.5AI score0.06405EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/17 12:0 a.m.6 views

ISC BIND DNS Cookie Assertion Failure Denial of Service (CVE-2016-2088)

A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improperly processing DNS cookies. A remote attacker could exploit this vulnerabilities by sending a maliciously crafted DNS packet to a target BIND server...

4.3CVSS3.4AI score0.2262EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/16 12:0 a.m.1 views

Oracle GlassFish Server ThemeServlet Directory Traversal

A directory traversal vulnerability exists in Oracle GlassFish Server. The vulnerability is due to insufficient input validation while processing HTTP requests to the /theme/ URI. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/16 12:0 a.m.6 views

ISC BIND DNAME RRSIG Assertion Failure Denial of Service (CVE-2016-1286)

A denial-of-service vulnerability exists in ISC BIND9. The vulnerability is due to improperly processing DNAME resource record signature RRSIG records. A remote attacker could exploit this vulnerabilities by sending a maliciously crafted DNS packet to a target BIND server...

5CVSS4.1AI score0.621EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/15 12:0 a.m.7 views

Advantech WebAccess SCADA Dashboard Directory Traversal (CVE-2016-0855)

A directory traversal vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the openWidget, removeFolder or removeFile methods in the FileAjaxAction script. A remote, unauthenticated attacker could explo...

5CVSS7.6AI score0.04693EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/13 12:0 a.m.9 views

Adobe Flash Out of Bounds Access Code Corruption (CVE-2016-4117)

An out of bounds access vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type-confused parameter in Adobe Flash Player SWF file. A remote attacker can exploit this issue by using the out of bounds access for unintended reads, writes or frees – potentially leadi...

10CVSS2.5AI score0.94354EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.8 views

Microsoft Internet Explorer Information Disclosure (MS16-051: CVE-2016-0194)

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling files. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...

2.6CVSS5.5AI score0.15511EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.7 views

Microsoft Office Memory Corruption (MS16-054: CVE-2016-0126)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.8AI score0.19641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.12 views

Microsoft Windows Win32k Elevation of Privilege (MS16-062: CVE-2016-0176)

A heap corruption vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel is calculating the correct size of the current tocken, which will lead to a buffer overflow. A remote attacker can exploit this vulnerability by running a specially crafted...

7.2CVSS7.6AI score0.02031EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.16 views

Microsoft HTTP.sys HTTP 2.0 Denial of Service (MS16-049; CVE-2016-0150)

A denial-of-service vulnerability exists in Microsoft Windows' HTTP 2.0 protocol stack, HTTP.sys. The vulnerability is due to insufficient validation of HTTP 2.0 requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP packet to the target...

7.8CVSS7.3AI score0.29352EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/05/10 12:0 a.m.27 views

Microsoft Windows Win32k Elevation of Privilege (MS16-062: CVE-2016-0171)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows handles DC surface. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted application...

7.2CVSS7.4AI score0.03799EPSS
Exploits2
Total number of security vulnerabilities13538