Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•51 views

Microsoft Win32k Elevation of Privilege (MS16-062: CVE-2016-0173)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is caused when Microsoft Windows improperly deals with DC Device context surface. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.4AI score0.03663EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS16-051: CVE-2016-0192)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page that could cause...

7.6CVSS8.1AI score0.16885EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•33 views

Microsoft Windows Win32k Elevation of Privilege (MS16-062: CVE-2016-0171)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows handles DC surface. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted application...

7.2CVSS7.4AI score0.03799EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•7 views

Microsoft Windows Graphics Component Information Disclosure (MS16-055: CVE-2016-0169)

Information disclosure vulnerability exists in Windows GDI component. The vulnerability is due to the way Microsoft Graphics Component improperly discloses contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the users...

4.3CVSS6.9AI score0.43248EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•56 views

Microsoft Internet Explorer Memory Corruption (MS16-051: CVE-2016-0189)

A use after free vulnerability exists in Microsoft Internet Explorer. The root cause is a heap corruption when dealing with a corrupted VBScript array size. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...

7.6CVSS3.6AI score0.93165EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•33 views

Microsoft Windows Media Center Remote Code Execution (MS16-059: CVE-2016-0185)

A flaw exists in Windows Media Center when parsing MCL files. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted Media Center file. Successful exploitation could allow attackers to execute code on the target system...

9.3CVSS6.4AI score0.6994EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•26 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (MS16-051: CVE-2016-0187)

A use-after-free vulnerability was detected in Microsoft Internet Explorer in the handling of BooleanProtoObj objects. The underlying vulnerability lies in jscript!JSONStringifyArray where a previously released object is reused...

7.6CVSS0.8AI score0.21591EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•6 views

Microsoft Graphics Component Remote Code Execution (MS16-055: CVE-2016-0184)

A use after free vulnerability exists in Windows Graphics Component. The vulnerability is due to the way Microsoft Windows does not properly handle objects in memory while parsing specially crafted files. A remote attacker could exploit this vulnerability by enticing the target user to open a...

9.3CVSS8.2AI score0.18765EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•13 views

Microsoft Office Graphics Information Disclosure (MS16-054: CVE-2016-0183)

An information disclosure vulnerability exists in Microsoft Office Graphics. The vulnerability is due to an out of bound memory read resulting in a memory safety issue. A successful exploitation of the issue could allow an attacker to achieve information disclosure...

9.3CVSS7.2AI score0.15704EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•14 views

Microsoft Internet Explorer Information Disclosure (MS16-051: CVE-2016-0194)

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling files. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...

2.6CVSS5.5AI score0.15511EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•14 views

Microsoft Windows RPC Elevation Of Privilege (MS16-061: CVE-2016-0178)

A heap corruption vulnerability exist in Microsoft Windows. The root cause comes from the current implementation of the RPC NDR64 protocol. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted application and cause a denial of service on the RPC server...

9CVSS8.2AI score0.16706EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•17 views

Microsoft HTTP.sys HTTP 2.0 Denial of Service (MS16-049; CVE-2016-0150)

A denial-of-service vulnerability exists in Microsoft Windows' HTTP 2.0 protocol stack, HTTP.sys. The vulnerability is due to insufficient validation of HTTP 2.0 requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP packet to the target...

7.8CVSS7.3AI score0.29352EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•14 views

Microsoft Edge Memory Corruption (MS16-052: CVE-2016-0193)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.20081EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•28 views

Microsoft Windows Graphics Component Information Disclosure (MS16-055: CVE-2016-0168)

A Vulnerability was discovered within Internet explorer when handling a spcially crafted EMF file allowing an information disclosure about the user filesystem. The root cause of the vulnerability is related to the CreateColorSpaceW function that tries to build a file path checking of its existanc...

4.3CVSS6.9AI score0.43248EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•8 views

Microsoft Office Memory Corruption (MS16-054: CVE-2016-0126)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.8AI score0.19641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/09 12:0 a.m.•16 views

WordPress Suspicious File Upload (CVE-2020-12800)

A remote attacker can upload a malicious file to WordPress. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...

7.5CVSS3.7AI score0.78751EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/05/09 12:0 a.m.•14 views

OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)

An information disclosure vulnerability exists in the AES-NI implementation of OpenSSL. The vulnerability is due to memory allocation miscalculation during a certain padding check. A remote attacker can exploit this vulnerability to obtain sensitive cleartext information via a padding-oracle atta...

2.6CVSS2.3AI score0.89058EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/05/08 12:0 a.m.•1 views

WordPress Header.php Unauthorized Code Injection

A Code Injection vulnerability has been reported in WordPress. Successful exploitation of this vulnerability would allow a remote attacker to redirect the clients who access an Infected WordPress website to an attacker-controlled page, and infect the client host...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/04 12:0 a.m.•5 views

ImageMagick Unauthorized File Deletion (CVE-2016-3715)

A file deletion vulnerability has been reported in ImageMagick. The vulnerability is due to insufficient filtering of shell characters. A remote attacker may exploit this issue by sending a crafted request containing such characters. Successful exploitation would allow attackers to delete files i...

5.8CVSS4.2AI score0.75383EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/05/04 12:0 a.m.•13 views

Oracle Application Testing Suite DownloadServlet scriptPath Directory Traversal (CVE-2016-0484)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scriptPath. A remote, unauthenticated attacker can exploit this vulnerability by...

5CVSS1.2AI score0.22011EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/04 12:0 a.m.•20 views

Oracle Application Testing Suite DownloadServlet file Directory Traversal (CVE-2016-0482)

A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with the "file" parameter. A remote unauthenticated attacker can exploit this vulnerability by sendin...

5CVSS1.9AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/04 12:0 a.m.•9 views

Oracle ATS DownloadServlet scriptName Directory Traversal (CVE-2016-0478)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI with parameter scriptName. A remote unauthenticated attacker can exploit this vulnerability by...

5CVSS1.5AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•1 views

WordPress DZS Videogallery Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress DZS Videogallery Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•0 views

WordPress Captcha Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress Captcha Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•0 views

WordPress Clikstats Plugin Open Redirection

A website redirection vulnerability exists in WordPress Clickstats Plugin. Successful exploitation of this vulnerability would allow a remote attacker to redirect the clients who access a WordPress website to an attacker-controlled page, and infect the client host...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•1 views

WordPress jQuery Html5 File Upload Plugin Arbitrary File Upload

An Arbitrary File Upload vulnerability exists in WordPress jQuery Html5 File Upload Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•1 views

WordPress Instagram Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress Instagram Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•1 views

WordPress Commentator Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress Commentator Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•2 views

WordPress LeenkMe Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress LeenkMe Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•2 views

WordPress Comment Rating Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress Comment Rating Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•1 views

WordPress SP Projects and Document Manager Plugin Arbitrary Code Execution

A code execution vulnerability exists in WordPress SP Projects and Document Manager Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•2 views

WordPress Ocim MP3 Plugin SQL Injection

An SQL injection vulnerability exists in WordPress Ocim MP3 Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

5.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•2 views

WordPress SP Projects and Document Manager Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress SP Projects and Document Manager Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•2 views

WordPress iThemes Security Plugin Local File Access

A local file access vulnerability exists in WordPress iThemes Security Plugin. Successful exploitation of this vulnerability could allow an attacker to read and obtain backup and log files from the victim's computer...

3.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/03 12:0 a.m.•23 views

PHP ZIP Archive Heap Overflow (CVE-2016-3078)

A heap overflow vulnerability exists in PHP, due to an integer overflow when reading ZIP files. A remote attacker can exploit this vulnerability by sending a crafted ZIP archive to a web application running a vulnerable version of PHP. A successful attack can result in remote code execution under...

7.5CVSS4.8AI score0.5851EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/05/02 12:0 a.m.•18 views

Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...

5CVSS2.2AI score0.27519EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/01 12:0 a.m.•16 views

Oracle ATS DownloadServlet TMAPReportImage Directory Traversal (CVE-2016-0480)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter TMAPReportImage. A remote unauthenticated attacker can exploit this vulnerability by...

5CVSS1.9AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/01 12:0 a.m.•1 views

Microsoft Office RTF Embedded Object Remote Code Execution

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file a...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/01 12:0 a.m.•19 views

Oracle ATS DownloadServlet scheduleReportName Directory Traversal (CVE-2016-0481)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scheduleReportName. A remote unauthenticated attacker can exploit this vulnerability...

5CVSS1.5AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/01 12:0 a.m.•14 views

Oracle ATS DownloadServlet OTM reportName Directory Traversal (CVE-2016-0485)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter reportName.A remote unauthenticated attacker can exploit this vulnerability by sendi...

5CVSS2.7AI score0.27519EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/01 12:0 a.m.•56 views

Apache Struts Dynamic Method Remote Code Execution (CVE-2016-3081)

A remote code execution vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to Dynamic Method invocation content. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server. A successful attac...

9.3CVSS9.3AI score0.9373EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2016/04/26 12:0 a.m.•15 views

Oracle Application Testing Suite DownloadServlet scenario Directory Traversal (CVE-2016-0477)

A directory traversal vulnerability exists in the in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious...

5CVSS1.7AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/25 12:0 a.m.•1 views

Suspicious Sender Mail Phishing Attempt

Phishing and ransomware emails are often sent from known suspicious domains. E-mails sent from such domains might be indicative of phishing attempt, ransomware, or other attempts to compromise the network...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/25 12:0 a.m.•9 views

Advantech WebAccess multiple services Buffer Overflow (CVE-2016-0856)

A buffer overflow vulnerability has been reported in the webvrpcs and datacore service of Advantech WebAccess. The vulnerability is due to an insecure call to some functions. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target...

10CVSS4.5AI score0.16655EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2016/04/25 12:0 a.m.•1 views

PayPal Mail Phishing Containing Attachment

Genuine email from PayPal will never include attachments. A remote attacker could send spam PayPal e-mails including those malicious attachments and convince users to manually enable them. This would allow the malicious code to run and infect the target system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/21 12:0 a.m.•17 views

Microsoft .NET Framework mscoreei.dll Insecure Library Loading (MS16-041; CVE-2016-0148)

An insecure library loading vulnerability exists in Microsoft Windows. The vulnerability is due to the way that the affected component handles the loading of dynamic link library .DLL files. A remote attacker could exploit this vulnerability by enticing a target user to open an Office file from a...

7.2CVSS7.8AI score0.13924EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/19 12:0 a.m.•2 views

Apache Jetspeed Privilege Escalation

A privilege escalation vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/18 12:0 a.m.•31 views

Apache Jetspeed SQL Injection (CVE-2016-0710)

An SQL injection vulnerability exists in Apache Jetspeed. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.1AI score0.52351EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/04/18 12:0 a.m.•29 views

Apache Jetspeed Remote Code Execution (CVE-2016-0709)

A code execution vulnerability exists Apache Jetspeed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.2AI score0.77495EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/04/17 12:0 a.m.•43 views

ZTE F460/F660 Backdoor Unauthorized Access (CVE-2014-2321)

An Unauthorized Access Vulnerability exists in ZTE F460 and F660 cable modems. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands with administrator level access on the affected device...

10CVSS7.7AI score0.59259EPSS
Exploits1
Total number of security vulnerabilities13538