Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/02/07 12:0 a.m.•2 views

Suspicious Image File Remote Code Execution Attempt

Certain malicious executable files can be hidden using image file name extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/07 12:0 a.m.•4 views

Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)

A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL...

4.3CVSS0.8AI score0.07297EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2016/02/02 12:0 a.m.•0 views

Magento Sales User Info Cross Site Scripting

A cross-site scripting vulnerability has been reported in Magento's core libraries. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system and acquire administrative permissions...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/02 12:0 a.m.•4 views

Angler Exploit Kit Redirection

Angler Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/01 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0946)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

10CVSS8.9AI score0.04244EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/01 12:0 a.m.•14 views

WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)

Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.9AI score0.02041EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/02/01 12:0 a.m.•19 views

jQuery Suspicious URL Redirection (CVE-2018-18084)

A suspicious URL redirection to a possibly malicious jQuery domain has been encountered. By injecting JavaScript code, an attacker may redirect the user to an attacker-controlled website...

7.5CVSS1.4AI score0.01261EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/31 12:0 a.m.•2 views

SQL Servers SQL Injection Characters Evasion Techniques

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/27 12:0 a.m.•5 views

Adobe Acrobat and Reader Use After Free Code Execution (APSB16-02: CVE-2016-0940)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...

10CVSS9.3AI score0.05493EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/27 12:0 a.m.•7 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0932)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

6.8CVSS8.7AI score0.06772EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/27 12:0 a.m.•13 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0938)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.9AI score0.05324EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/26 12:0 a.m.•24 views

WordPress WPML Plugin SQL Injection (CVE-2015-2314)

An SQL injection vulnerability exists in the WPML plugin for WordPress, allowing remote attackers to execute arbitrary SQL commands...

7.5CVSS7.2AI score0.07069EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/25 12:0 a.m.•6 views

Adobe Acrobat and Reader JavaScript API Code Execution (APSB15-02: CVE-2016-0943)

A restriction bypass privileged JavaScript API execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the use of a trusted function which provides certain privileges that allow overwriting objects. A remote attacker can exploit this vulnerability by enticing the...

6.8CVSS8.7AI score0.07059EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/25 12:0 a.m.•12 views

Adobe Acrobat and Reader Use-After-Free Code Execution (APSB16-02: CVE-2016-0941)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

6.8CVSS8.6AI score0.06796EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/25 12:0 a.m.•3 views

Adobe Acrobat and Reader Use-After-Free (APSB16-02: CVE-2016-0937)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

9.3CVSS8.6AI score0.06694EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/25 12:0 a.m.•3 views

WordPress Calculated Fields Form Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress Calculated Fields Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/25 12:0 a.m.•28 views

WordPress Webdorado Spider Event Calendar Plugin SQL Injection (CVE-2015-2196)

An SQL injection vulnerability exists in Spider Event Calendar 1.4.9 for WordPress allowing remote attackers to execute arbitrary SQL commands...

7.5CVSS6.8AI score0.11182EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/24 12:0 a.m.•20 views

Adobe Acrobat and Reader Double Free Remote Code Execution (APSB16-02: CVE-2016-0935)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a double-free error in Adobe Acrobat and Reader while handling objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF...

6.8CVSS9.2AI score0.06988EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/24 12:0 a.m.•9 views

Adobe Acrobat Reader Memory Corruption (APSB16-02: CVE-2016-0939)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

6.8CVSS8.9AI score0.07367EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/24 12:0 a.m.•10 views

Adobe Acrobat and Reader Use-After-Free (APSB16-02: CVE-2016-0934)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

6.8CVSS8.6AI score0.06796EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/24 12:0 a.m.•14 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0936)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader decodes CMYK files where a JPEG image has invalid values for the three component chrominance subsampling. A remote attacker can exploit this vulnerability...

9.3CVSS8.9AI score0.07944EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/21 12:0 a.m.•5 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0933)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS8.9AI score0.06107EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/19 12:0 a.m.•1 views

JavaScript Malicious Reverse Obfuscation Technique

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/19 12:0 a.m.•3 views

WordPress Tubepress Plugin Version 2 Cross Site Scripting

A cross-site scripting vulnerability has been reported in WordPress Tubepress Plugin 2. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/19 12:0 a.m.•7 views

Adobe Acrobat and Reader Memory Corruption (APSB16-02: CVE-2016-0931)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

6.8CVSS8.8AI score0.05544EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/18 12:0 a.m.•7 views

Apple QuickTime MP4 Absent stbl Box Memory Corruption (CVE-2015-3667)

A memory corruption vulnerability has been reported in Apple QuickTime. The vulnerability is due to an issue with processing corrupted MPEG-4 MP4 files. A remote attacker could exploit this vulnerability by enticing a user to open a malicious .MP4 file. Successful exploitation could lead to...

6.1AI score0.03635EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/14 12:0 a.m.•13 views

Google Android Market URI Denial of Service (CVE-2012-6301)

A Denial of Service vulnerability has been reported in Google Android. The vulnerability is due to an insufficient validation of URI in the SRC attribute of an IFRAME element. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page...

5CVSS4.5AI score0.06448EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/01/14 12:0 a.m.•6 views

Samba smbd Daemon Symlink Verification Information Disclosure (CVE-2015-5252)

An information disclosure vulnerability has been reported in Samba. The vulnerability is due to flaws in the symbolic link verification mechanism. A remote, authenticated attacker could exploit this vulnerability by using an SMB client to request for files or directories outside the share path...

5CVSS1.3AI score0.13274EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•20 views

Microsoft Silverlight Runtime Remote Code Execution (MS16-006: CVE-2016-0034)

A remote code execution vulnerability exists in Microsoft Silverlight. The vulnerability is due to incorrect handling of certain open and close requests that can result in read and write access violations. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a...

9.3CVSS2.3AI score0.69709EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•10 views

Microsoft Office Memory Corruption (MS16-004: CVE-2016-0035)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...

9.3CVSS7.6AI score0.22688EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•9 views

Microsoft Edge Memory Corruption (MS16-002: CVE-2016-0003)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to improper type checking of a variable. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...

9.3CVSS9.3AI score0.39413EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•22 views

Microsoft Scripting Engine Memory Corruption (MS16-002: CVE-2016-0024)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to lack of input validation within a DataView object. Successful exploitation of this issue can lead to remote code execution...

9.3CVSS9.2AI score0.178EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•18 views

Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0016)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

7.2CVSS7.9AI score0.31091EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•9 views

Microsoft Internet Explorer Elevation of Privilege (MS16-001: CVE-2016-0005)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

4.3CVSS6.1AI score0.28206EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•18 views

Microsoft DirectShow Heap Corruption Remote Code Execution (MS16-007: CVE-2016-0015)

A remote code execution vulnerability has been reported in Microsoft DirectShow. The vulnerability is due to the way Microsoft DirectShow improperly validates input. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

9.3CVSS7.9AI score0.51265EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS16-001: CVE-2016-0002)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS8.1AI score0.23942EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•27 views

Microsoft .NET Silverlight Manifest Resource File Information Disclosure (CVE-2015-6114)

An information disclosure vulnerability exists in Microsoft .NET Silverlight manifest resource parsing functionality. The vulnerability is due to an error while processing a corrupted manifest. An attacker can exploit this vulnerability by supplying a specially crafted resource through a .NET or...

4.3CVSS5.6AI score0.19485EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•17 views

Microsoft Windows GDI32.dll ASLR Bypass (MS16-005: CVE-2016-0008)

A vulnerability was discovered in Microsoft Word and Wordpad that could allow attackers to disclose internal memory information which can then be used to bypass security features such as ASLR. A security feature bypass vulnerability exists in the way that the Windows graphics device interface...

4.3CVSS2.2AI score0.13841EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•19 views

Microsoft Office Memory Corruption (MS16-004: CVE-2016-0010)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.21606EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•28 views

Microsoft Windows DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0014)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to execute arbitrary code with the privileges of the current user. The attacker must entice the victim to run an executable...

7.2CVSS8.1AI score0.02423EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•17 views

Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0018)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

6.9CVSS7.7AI score0.13526EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•20 views

Microsoft Windows Mapi DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0020)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to gain higher privileges or bypass sandboxing mechanisms. The attacker must entice the victim to run an executable file to...

7.2CVSS7.7AI score0.02008EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/10 12:0 a.m.•54 views

Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)

A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...

6.8CVSS6AI score0.24408EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/01/07 12:0 a.m.•8 views

Microsoft Internet Explorer Elevation of Privilege (MS15-106: CVE-2015-6051)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

4.3CVSS7.7AI score0.14722EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/07 12:0 a.m.•4 views

CoDeSys Gateway Server Opcode 0x3ef Heap Buffer Overflow (CVE-2015-6460)

A heap buffer overflow vulnerability exists in 3S Smart Software CoDeSys due to insufficient input validation. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request message to the vulnerable service. Successful exploitation could result in code execution ...

7.5CVSS7.4AI score0.0621EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/06 12:0 a.m.•38 views

SQL Injection Scanning Attempt (CVE-2022-27412)

Remote attackers use SQL injection scanning in order to locate potential SQL injection vulnerabilities on a target server, which could be later used for attacks...

7.5CVSS4.1AI score0.03829EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/01/04 12:0 a.m.•16 views

Microsoft .NET Framework ASLR Security Bypass (MS15-118: CVE-2015-6115)

A security feature bypass vulnerability exists in Microsoft .NET Framework. The vulnerability is due to a DLL file that was not compiled with Address Space Layout Randomization ASLR enabled. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted document that...

4.3CVSS6AI score0.1371EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/03 12:0 a.m.•13 views

IBM Domino Image File Parsing Buffer Overflow (CVE-2015-5040)

A buffer overflow vulnerability has been reported in IBM Domino. The vulnerability is due to improper bounds checking when parsing image files, potentially lead to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this vulnerability by sending an email containin...

7.5CVSS5.7AI score0.03282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/01/03 12:0 a.m.•2 views

ManageEngine ServiceDesk FileDownload.jsp fName Directory Traversal

A directory traversal vulnerability has been reported in ManageEngine ServiceDesk. The vulnerability is due to the software incorrectly validating the "fName" parameter when handling requests sent to FileDownload.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/12/31 12:0 a.m.•1 views

Reprise License Manager diagnostics_doit Directory Traversal

A path traversal vulnerability exists in the Reprise License Manager due to insufficient input validation while processing HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending crafted HTTP requests to the target system. Successful exploitation would allow an...

2.7AI score
Exploits0
Total number of security vulnerabilities13538