Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/03/21 12:0 a.m.•16 views

Cisco Adaptive Security Appliance IKEv1 and IKEv2 multiple payloads Buffer Overflow (CVE-2016-1287)

A buffer overflow vulnerability exists in Cisco Adaptive Security Appliance software. The vulnerability is due to a failure on part of Internet Key Exchange version 1 and version 2 code to handle UDP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted...

9.6AI score0.77462EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/03/21 12:0 a.m.•2 views

WordPress MiwoFTP Plugin Arbitrary File Download

An arbitrary file download vulnerability exists in Wordpress MiwoFTP Plugin. The vulnerability is due to a parameter arriving from user input, which is not properly sanitized. By using a specially crafted HTTP request, a remote attacker might gain access to arbitrary files...

2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/21 12:0 a.m.•3 views

AnonStress Denial Of Service Tool

AnonStress is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/21 12:0 a.m.•20 views

Apache Subversion svn Protocol Parser Integer Overflow (CVE-2015-5259)

An integer overflow vulnerability exists in Apache Subversion. The vulnerability is due to a flaw in the svn protocol parser. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests that will be processed by the svnserve protocol...

9CVSS8.4AI score0.57037EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/21 12:0 a.m.•33 views

Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)

A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation when processing HTTP request sent to URI "/olt/UploadFileUpload.do". A remote attacker can exploit this vulnerability by sending a malicious request to the...

6.4CVSS2.3AI score0.8075EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/03/20 12:0 a.m.•2 views

Oracle Application Testing Suite DownloadServlet reportName Directory Traversal (CVE-2016-0476)

A directory traversal vulnerability has been reported in Oracle Load Testing component of Oracle Application Testing Suite. The vulnerability is caused due to improper handling of path names when downloading files via the Oracle Load Testing component. Unauthenticated remote attackers could explo...

5CVSS4AI score0.21922EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/20 12:0 a.m.•9 views

Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow (CVE-2015-8572)

A heap buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to an error when processing GlobalColorTable flag and DataSubBlock size fields inside a GIF file. In order to exploit the vulnerability, the remote attacker needs to entice the target user to open a...

6.8CVSS7.4AI score0.03751EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/20 12:0 a.m.•16 views

Microsoft Outlook Express NNTP handler Buffer Overflow (CVE-2005-1213)

A buffer overflow vulnerability has been reported in Microsoft Outlook Express. The vulnerability is due to an insufficient boundary checking when the vulnerable product processes Network News Transfer Protocol NNTP server responses. An attacker can exploit this vulnerability to inject and execut...

7.5CVSS7.4AI score0.73961EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2016/03/17 12:0 a.m.•0 views

Apache Tomcat Web Manager Scanning Attempt

Remote attackers can send HTTP requests as a method of scanning for Apache Tomcat servers, in order to later exploit vulnerabilities in these servers to compromise the server's security...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/17 12:0 a.m.•16 views

ZMap Security Scanner over HTTP

A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the ZMap security scanner to detect vulnerabilities on a target server...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/17 12:0 a.m.•0 views

PHP Proxy Server Scanning Attempt

Remote attackers can send HTTP requests as a method of scanning for the existence of specific proxy servers with known vulnerabilities, in order to later exploit these vulnerabilities to compromise the server's security...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/17 12:0 a.m.•0 views

Multiple Routers Rom-0 Scanning Attempt

A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the Rom-0 vulnerability to get user credentials and other sensitive information...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/17 12:0 a.m.•2 views

Jorgee Security Scanner

A vulnerability scanning tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use the Jorgee security scanner to detect vulnerabilities on a target server...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/16 12:0 a.m.•14 views

Microsoft Windows DNS Use After Free (MS15-127: CVE-2015-6125)

A remote code execution vulnerability exists in Windows DNS servers when they fail to properly parse requests. An attacker could create a specially crafted application to connect to a Windows DNS server and then issue malicious requests to the server. Successful exploitation of this vulnerability...

9.3CVSS7.3AI score0.29614EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/16 12:0 a.m.•6 views

Apache ActiveMQ Shutdown Command Denial of Service (CVE-2014-3576)

A denial of service vulnerability exists in Apache ActiveMQ. The vulnerability is due to missing authentication for the undocumented shutdown command. A remote, unauthenticated attacker may exploit this vulnerability by sending crafted packets to the server. Successful exploitation could lead to ...

5CVSS5.1AI score0.12794EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/15 12:0 a.m.•0 views

Microsoft Office RTF Malicious Known Variables

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file a...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/15 12:0 a.m.•9 views

Apache Subversion mod_dav_svn Integer Overflow (CVE-2015-5343)

Heap overflow and out-of-bounds read vulnerabilities have been reported in the moddavsvn of Apache Subversion web servers. These vulnerabilities are caused by an integer overflow when parsing certain encoded requests. A remote, authenticated attacker could exploit this vulnerability by sending...

8CVSS4.3AI score0.30216EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/14 12:0 a.m.•1 views

WordPress Ultimate Product Catalogue Plugin Unauthenticated File Upload

An unauthorized file upload vulnerability exists in WordPress Ultimate Product Catalogue Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/14 12:0 a.m.•19 views

Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...

6.5CVSS2.1AI score0.54782EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/14 12:0 a.m.•30 views

Microsoft Data Access Components Overflow (CVE-2002-1142)

A heap-based buffer overflow vulnerability exists in Remote Data Services RDS component of Microsoft Data Access Components MDAC. The vulnerability is due to a design error in the processing of malformed HTTP request to the Data Stub. Successful exploitation of this vulnerability allows remote...

7.5CVSS7.6AI score0.76004EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/03/13 12:0 a.m.•0 views

Suspicious HTTPS Gmail Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/13 12:0 a.m.•2 views

Suspicious Mail Attachment Containing JavaScript Code

Mail attachments containing JavaScript code were observed as part of various phishing campaigns. A remote attacker could send e-mails including those files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method ...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/13 12:0 a.m.•1 views

Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/10 12:0 a.m.•5 views

Adobe Acrobat And Reader Memory Corruption (APSB16-09: CVE-2016-1007)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS9AI score0.06103EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/10 12:0 a.m.•7 views

Adobe Flash Player Integer Overflow (APSB16-08: CVE-2016-1010)

An integer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient boundary checking in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS4.4AI score0.19785EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/03/10 12:0 a.m.•10 views

Adobe Acrobat and Reader updaternotifications.dll Library Loading (APSB16-09: CVE-2016-1008)

A code injection vulnerability has been discovered in Adobe Reader and Acrobat. The vulnerability is due to the updatenotification.dll component of Adobe Reader and Acrobat. A remote attacker might exploit this issue by convincing a victim to open a specially crafted PDF file...

7.2CVSS9.2AI score0.01098EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/10 12:0 a.m.•20 views

WordPress Genericons Cross-Site Scripting (CVE-2015-3429)

A cross-site scripting vulnerability was found in the Genericons web font used in WordPress sites. A remote attacker could use this vulnerability to execute malicious JavaScript code on the client browser...

4.3CVSS3.2AI score0.03803EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/03/09 12:0 a.m.•5 views

Microsoft Network Policy Server RADIUS Denial of Service (MS16-021; CVE-2016-0050)

A denial-of-service vulnerability exists in Microsoft Network Policy Server. The vulnerability is due to improper handling of username strings in RADIUS authentication requests. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted requests to the...

5CVSS1.7AI score0.20659EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/09 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0995)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.0642EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•1 views

WordPress Sensitive System Files Information Disclosure

An information disclosure vulnerability exists in multiple WordPress Plugins and themes. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•13 views

Microsoft Windows Elevation of Privilege (MS16-031: CVE-2016-0087)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to type confusion. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted file...

7.2CVSS7.4AI score0.0155EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•10 views

LibreOffice and OpenOffice ODF Document PrinterSetup Integer Underflow (CVE-2015-5212)

An integer underflow vulnerability exists in LibreOffice and OpenOffice. The vulnerability is due to insufficient size checks when processing the PrinterSetup data within ODF documents. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted...

6.8CVSS5.9AI score0.08722EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•27 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0111)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.43643EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•11 views

Microsoft Windows OLE Memory Remote Code Execution (MS16-030: CVE-2016-0092)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused due to a missing bound checks. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.9AI score0.58181EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•20 views

Microsoft Windows OpenType Font Parsing Remote Code Execution (MS16-026: CVE-2016-0121)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused when the Windows Adobe Type Manager Library improperly handles specially crafted fonts. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page...

9.3CVSS8.6AI score0.4124EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0103)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer due to out-of-bound write access during an inner operation. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memory...

7.6CVSS7.8AI score0.13465EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0104)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.13354EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0110)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer copies data between two mismatched size arrays considering only the size of the source array. A remote attacker can exploit this issue by...

7.6CVSS7.8AI score0.14108EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•16 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0114)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•12 views

Microsoft Windows PDF Library Remote Code Execution (MS16-028: CVE-2016-0118)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

9.3CVSS7.9AI score0.33713EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0108)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.8AI score0.43397EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•17 views

Microsoft Office Memory Corruption (MS16-029: CVE-2016-0021)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.23429EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•9 views

Microsoft Windows PDF Library Remote Code Execution (MS16-028: CVE-2016-0117)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

9.3CVSS7.9AI score0.72934EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0113)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0112)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•17 views

Microsoft Office Memory Corruption (MS16-029: CVE-2016-0134)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.22285EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0109)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.16763EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•16 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0105)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.8AI score0.14108EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•9 views

Microsoft Edge Memory Corruption (MS16-024: CVE-2016-0123)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

7.6CVSS7.6AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•17 views

Microsoft Windows Media Parsing Remote Code Execution (MS16-027: CVE-2016-0101)

A code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles resources in the media library. A remote attacker can exploit this issue by enticing a victim to open specially crafted media content...

9.3CVSS8.5AI score0.20145EPSS
Exploits0
Total number of security vulnerabilities13538