Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
added 2016/04/13 12:0 a.m.2 views

WordPress ACF Frontend Display Plugin Arbitrary File Upload

An Arbitrary File Upload vulnerability exists in WordPress Advanced custom Fields ACF Frontend Display Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.2 views

Adobe Flash Player Security Bypass (APSB16-10: CVE-2016-1006)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

10CVSS2.8AI score0.03906EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.6 views

Microsoft Windows MSXML 3.0 Remote Code Execution (MS16-040: CVE-2016-0147)

A use after free vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows parses an XML file. A remote attacker can exploit this issue by enticing a target victim to run a specially crafted XML file. Successful exploitation could trigger arbitrary code...

9.3CVSS6.3AI score0.15709EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.10 views

Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0164)

A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web pa...

7.6CVSS7.6AI score0.13354EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.21 views

Microsoft Windows CSRSS Security Feature Bypass (MS16-048: CVE-2016-0151)

An elevation of privilege vulnerability exists in Microsoft Windows CSRSS. The vulnerability is due to an error in the way windows kernel verifies tokens. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

7.2CVSS6.2AI score0.63195EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.34 views

Microsoft Windows Graphics Memory Corruption (MS16-039: CVE-2016-0145)

A vulnerability was found in Microsoft Windows that could potentially lead to remote code execution. The main cause is the lack of validation on glyph bitmap boundary during scaling operation. This vulnerability can be exploited using a malformed font file TTF...

9.3CVSS8.5AI score0.43272EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.3 views

Adobe Flash Player Type Confusion (APSB16-10: CVE-2016-1015)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

9.3CVSS3.1AI score0.07133EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.3 views

Adobe Flash Player Buffer Overflow (APSB16-10: CVE-2016-1018)

A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS5.2AI score0.08292EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.15 views

Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0156)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.8AI score0.19173EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.10 views

ISC BIND buffer.c REQUIRE Assertion Failure Denial of Service (CVE-2015-8705)

A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to improper conversion of OPT resource records ECS options to text format. A remote, unauthenticated attacker could exploit this vulnerability against Recursive or Authoritative DNS servers tha...

6.6CVSS2.7AI score0.07654EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.25 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0127)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.8AI score0.21137EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.3 views

Adobe Flash Player Insecure Library Loading (APSB16-10: CVE-2016-1014)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insecure library loading while handling certain files. A remote attacker could exploit this issue by enticing a user to open a legitimate file that will insecurely load a specially crafted D...

7.2CVSS2.9AI score0.01205EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.14 views

Adobe Flash Player Use After Free Code Execution (APSB15-32: CVE-2015-8822)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

9.3CVSS2.9AI score0.06516EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.3 views

Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1016)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.06102EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.23 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0139; CVE-2016-0140)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.8AI score0.19384EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.9 views

Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0157)

A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

7.6CVSS7.7AI score0.15764EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.25 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0122)

A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted fi...

9.3CVSS7.8AI score0.41126EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.11 views

Microsoft Edge Memory Corruption (MS16-038: CVE-2016-0155)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.8AI score0.10325EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.7 views

Microsoft Windows Secondary Logon Denial of Service (MS16-046: CVE-2016-0135)

A remote denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles memory blocks while using the LSARPC protocol. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...

7.2CVSS7.7AI score0.01577EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.10 views

Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0166)

A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web pa...

7.6CVSS7.5AI score0.15764EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.10 views

Microsoft Edge Elevation of Privilege (MS16-038: CVE-2016-0161)

A cross site scripting vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge handles an exit event. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microso...

4.3CVSS6AI score0.6877EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.7 views

Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1017)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.06102EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.12 views

Microsoft Edge Elevation of Privilege (MS16-038: CVE-2016-0158)

An elevation of privilege vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge validates permissions under specific conditions. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with a...

4.3CVSS6.3AI score0.15078EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.13 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0136)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.8AI score0.20717EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.13 views

Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0154)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.14108EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.21 views

Microsoft Windows OLE Remote Code Execution (MS16-044: CVE-2016-0153)

A vulnerability was identified in Microsoft Word while processing an embedded object within a word document that could lead to a stack memory corruption. The Stack Corruption occures in ole32!OleRegEnumVerbs Functionis with an out of bound write...

9.3CVSS7.3AI score0.21382EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.23 views

Microsoft Win32k Elevation of Privilege (MS16-039: CVE-2016-0165)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows deals with allocation of an Edge buffer. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS5AI score0.13841EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.8 views

Microsoft Internet Explorer Memory Corruption (MS16-037: CVE-2016-0159)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS8.1AI score0.15764EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/11 12:0 a.m.31 views

Ipswitch WhatsUp Professional Source Disclosure (CVE-2006-2357)

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...

5CVSS4.8AI score0.0353EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/11 12:0 a.m.4 views

Samba LDAP Server libldb Infinite Loop Denial of Service (CVE-2015-3223)

A denial-of-service vulnerability has been reported in the Samba LDAP server. The vulnerability is due to a error in processing certain LDAP requests by the libldb library used by the Samba daemon. A remote, authenticated attacker could exploit this vulnerability by sending malicious packets to...

5CVSS2.6AI score0.06884EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/10 12:0 a.m.17 views

Nginx DNS Resolver Denial of Service (CVE-2016-0742)

A denial-of-service vulnerability exists in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote, man-in-the-middle attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server...

5CVSS3.4AI score0.81958EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/07 12:0 a.m.2 views

Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1011)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.25639EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2016/04/07 12:0 a.m.2 views

Adobe Flash Player Memory Corruption (APSB16-10: CVE-2016-1012)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/07 12:0 a.m.6 views

Adobe Flash Player Use After Free Code Execution (APSB16-10: CVE-2016-1013)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.2281EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2016/04/06 12:0 a.m.3 views

Adobe Flash Player Remote Code Execution (APSA16-01: CVE-2016-1019)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected syst...

10CVSS4.2AI score0.22487EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/03 12:0 a.m.6 views

AWStats Totals awstatstotals.php sort Parameter Code Execution (CVE-2008-3922)

A code execution vulnerability has been reported in AWStats Totals. The vulnerability is due to insufficient sanitization of the "sort" parameter in the "awstatstotals.php". A remote attacker could exploit this vulnerability by dynamically creating an anonymous PHP function...

9.3CVSS9.3AI score0.53202EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2016/04/03 12:0 a.m.0 views

SwitchBlade Denial of Service Tool

SwitchBlade is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/03 12:0 a.m.1 views

SIPVicious Security Scanner

SIPVicious is a vulnerability scanning product. Remote attackers can use SIPVicious to detect vulnerabilities on a target server...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/04/03 12:0 a.m.20 views

Microsoft Windows RPC Authentication Downgrade (MS16-047: CVE-2016-0128; CVE-2016-2118)

A security bypass vulnerability, also referred to as BadLock, exists in Microsoft Windows clients connecting to Samba Servers. The vulnerability is due to an authentication design weakness...

6.8CVSS3.7AI score0.3693EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/30 12:0 a.m.0 views

SadAttack Denial of Service Tool

SadAttack is a DDoS tool that attacks Web servers with vast amounts of HTTP traffic using random parameters. A successful attack can cause a web server to terminate, leading to a denial-of-service condition...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/27 12:0 a.m.1 views

The Beast Security Scanner

A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the The Beast security scanner to detect vulnerabilities on a target server...

2.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/27 12:0 a.m.1 views

Suspicious Office File Mail Phishing Attempt

Certain exploits or ransomware can be downloaded using office file extensions as mail attachments . A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

6.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/27 12:0 a.m.3 views

Oracle Java SE Security Sandbox Escape (CVE-2013-5838; CVE-2016-0636)

A Java security sandbox escape vulnerability exists in Oracle Java SE, due to an input validation error. A remote attacker could entice a user running a browser which uses an affected Oracle Java SE release to visit a malicious web page that leverages this vulnerability. Successful exploitation c...

9.3CVSS2.3AI score0.05765EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/24 12:0 a.m.1 views

WordPress WPshop eCommerce Plugin Arbitrary File Inclusion

A File Inclusion vulnerability exists in WordPress WPshop eCommerce Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code ...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/23 12:0 a.m.0 views

WordPress DZS ZoomSounds Plugins Remote File Inclusion

A Remote File Inclusion vulnerability exists in WordPress DZS ZoomSounds Plugins. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/23 12:0 a.m.2 views

WordPress Slider Revolution Plugin Remote File Inclusion

A Remote File Inclusion vulnerability exists in WordPress Slider Revolution Plugin. Successful exploitation of this vulnerability would allow a non-authenticated attacker to include remote files and execute arbitrary code on the vulnerable system...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/23 12:0 a.m.20 views

WordPress Simple Ads Manager Plugin Arbitrary File Inclusion (CVE-2015-2825)

A File Inclusion vulnerability exists in WordPress Simple Ads Manager Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary cod...

7.5CVSS3.8AI score0.14451EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2016/03/23 12:0 a.m.2 views

WordPress InBoundio Marketing Plugin Remote File Inclusion

A vulnerability in WordPress InBoundio Marketing plugin allows users to upload files without proper validation of file type. Successful exploitation of this issue may allow execution of arbitrary code on a vulnerable system...

6.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/22 12:0 a.m.1 views

Apple OSX File With Non-Executable File Extension Arbitrary File Execution

Certain malicious OSX files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/03/22 12:0 a.m.139 views

Cross-Site Scripting Scanning Attempt (CVE-2015-4661; CVE-2019-16385; CVE-2019-9167; CVE-2020-10946; CVE-2020-12261; CVE-2020-13228; CVE-2020-13627; CVE-2020-13628; CVE-2020-14953; CVE-2021-21801; CVE-2021-25080; CVE-2022-25305; CVE-2022-28102)

Remote attackers use Cross-Site Scripting scanning in order to locate potential Cross-Site Scripting vulnerabilities on a target server, which could be later used for attacks...

4.3CVSS3.8AI score0.842EPSS
Exploits26
Total number of security vulnerabilities13538