Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/07/13 12:0 a.m.•18 views

Schneider Electric VAMPSET COMTRADE Records Buffer Overflow (CVE-2014-8390)

A heap buffer overflow vulnerability exists in Schneider Electric VAMPSET software. The vulnerability is due to improper processing of specific parameters within CFG and DAT files of a COMTRADE record. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim to ope...

4.4CVSS7.1AI score0.00518EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/13 12:0 a.m.•13 views

Visual Mining NetCharts Server projectContents.jsp File Rename Denial of Service (CVE-2015-4032)

A denial of service condition vulnerability has been reported in Visual Mining NetCharts Server projectContents.jsp page. The vulnerability is due to arbitrary directory traversal when renaming a file. A remote attacker can exploit this vulnerability to create a denial of service condition...

10CVSS4.8AI score0.02332EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/12 12:0 a.m.•1 views

Microsoft Internet Explorer CTxtPtr Memory Access Error

An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability is due to a read out of boundary when handling CTxtPtr::InsertRange objects. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case o...

1.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/12 12:0 a.m.•6 views

OpenLDAP slapd Deref Overlay Null Pointer Dereference (CVE-2015-1545)

A denial of service vulnerability exists in OpenLDAP. The vulnerability is due to NULL pointer dereference in the Deref overlay of slapd when certain LDAP request messages are processed. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the...

5CVSS3.6AI score0.11091EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/12 12:0 a.m.•2 views

Google Chrome XSSAuditor Policy ByPass

A policy bypass vulnerability exists in Google Chrome. The vulnerability is due to improper handling of script tags within svg tags. A remote attacker can exploit this vulnerability by enticing a user to follow a crafted URL. Successful exploitation will result in bypassing the XSSAuditor feature...

1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/12 12:0 a.m.•10 views

LANDesk Management Suite Remote File Inclusion (CVE-2014-5362)

A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in the HTTP path. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a malicious parameter...

6.5CVSS6.7AI score0.03162EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/07/12 12:0 a.m.•11 views

Microsoft ASP.NET Information Disclosure (MS15-041) - ver 2 (CVE-2015-1648)

An information disclosure vulnerability exists in Microsoft .NET Framework. The vulnerability is due to improper requests sanitization on servers with error messages disabled. A remote attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server...

2.6CVSS5.7AI score0.34855EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/11 12:0 a.m.•4 views

Adobe Flash opaqueBackground Use After Free (APSA15-04: CVE-2015-5122)

A use after free vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles the opaqueBackground property setter of the DisplayObject class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable...

10CVSS2.8AI score0.93688EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/07/09 12:0 a.m.•7 views

Visual Mining NetCharts Server saveFile.jsp Page Directory Traversal (CVE-2015-4031)

An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to lack of sanitization on a remotely supplied parameter within the saveFile.jsp page. A remote attacker can exploit this vulnerability to execute arbitrary code with SYSTEM...

10CVSS4.1AI score0.07156EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/09 12:0 a.m.•17 views

WebGate Multiple Products WESPSerialPortCtrl Buffer Overflow (CVE-2015-2097)

A buffer overflow vulnerability exists in WebGate Multiple Products. The vulnerability is due to insufficient input validation of the length of the parameters passed to the Connect method of WESPSerialPort.WESPSerialPortCtrl.1. A remote attacker could exploit this vulnerability by enticing a user...

7.5CVSS5.1AI score0.2414EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/07/08 12:0 a.m.•7 views

Microsoft Windows Font Glyphs Kernel Code Injection (MS15-077; CVE-2015-2387)

A flaw was found in the way Microsoft ATMFD.DLL component handles specially crafted fonts. Successful exploitation of this vulnerability might result in invalid memory access, allowing kernel code injection...

7.2CVSS6.7AI score0.36738EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/08 12:0 a.m.•37 views

Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)

A vulnerability exists within Adobe Flash Player ActionScript 3 ByteArray class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system...

10CVSS4.1AI score0.99344EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/07/07 12:0 a.m.•2 views

WordPress MailChimp Subscribe Forms PHP Code Execution

A PHP code execution vulnerability has been reported in Wordpress plugin MailChimp Subscribe Forms. The vulnerability is due to insufficient validation of user-controlled email address when handling subscribe requests. An unauthenticated remote attacker can exploit this vulnerability by sending a...

0.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/07 12:0 a.m.•4 views

IBM Tivoli Storage Manager FastBack Mount vault Stack Buffer Overflow (CVE-2015-1896)

A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to improper bounds checking by the FastBackMount process. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests. Successful exploitati...

10CVSS7.6AI score0.30247EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/07 12:0 a.m.•32 views

Panasonic Security API SDK Iprosapi ActiveX Control Buffer Overflow (CVE-2015-4647)

A buffer overflow vulnerability exists in the Ipropsapi ActiveX Control component of the Panasonic Security API SDK. The vulnerability is due to an error when processing the FilePassword property. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted...

6.8CVSS3.5AI score0.05643EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/07 12:0 a.m.•11 views

TLS DHE_EXPORT Information Disclosure (MS15-055; CVE-2015-1716; CVE-2015-4000)

An information disclosure vulnerability exists in multiple implementations of TLS 1.2 and earlier, when Ephemeral Diffie-Hellman cipher suites including their EXPORT versions are used. It is possible to downgrade a DHE cipher to a DHEEXPORT cipher, which can be broken, and thereby perform a...

5CVSS1.8AI score0.9986EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/05 12:0 a.m.•4 views

Beta (Sundown) Exploit Kit Landing Page

Beta exploit kit, a.k.a. Sundown exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Beta exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perfor...

6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/05 12:0 a.m.•19 views

Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)

An elevation-of-privilege vulnerability has been reported in the Apple CUPS. The vulnerability is due to improper processing of print-job or create-job requests sent to cupsd. A remote, unauthenticated attacker can send a specially crafted localized strings to cause the 'admin/conf' and 'admin'...

10CVSS4.7AI score0.29913EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/07/01 12:0 a.m.•23 views

PHP ftp_genlist method Integer Overflow (CVE-2015-4022)

A code execution vulnerability exists in PHP's ftpgenlist method. The vulnerability is due to lack of integer overflow detection when calculating the size of the response to the FTP LIST command. A remote attacker can exploit the vulnerability by hosting an FTP server and sending crafted ata to a...

7.5CVSS4.1AI score0.20837EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/07/01 12:0 a.m.•9 views

IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow (CVE-2015-0120)

A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to insufficient input validation of parameters to the CRYPTOSEncryptBufferToBuffer function. A remote unauthenticated attacker could exploit this vulnerability by sending crafted...

7.5CVSS7.6AI score0.01423EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/30 12:0 a.m.•5 views

PHP Multipart Remote Denial of Service (CVE-2015-4024)

A denial-of-service vulnerability has been reported in the way PHP handles HTTP requests. A remote attacker could exploit this vulnerability using a specially crafted HTTP request, and cause a denial of service condition on the affected system...

5CVSS1.9AI score0.50129EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/06/30 12:0 a.m.•6 views

Novell ZENworks Configuration Management Preboot Policy Service Buffer Overflow (CVE-2015-0786)

A stack buffer overflow vulnerability exists in the PreBoot Policy Service of Novell ZENworks Configuration Management. The vulnerability is due to a boundary error in the logging functionality. Remote, unauthenticated attackers could exploit this vulnerability by sending crafted packets to the...

10CVSS4.8AI score0.23643EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/29 12:0 a.m.•1 views

ESET NOD32 Anti-Virus Emulation Remote Code Execution

A Remote Code Execution vulnerability has been reported in ESET's NOD32 Anti-Virus products. A successful exploitation of this vulnerability can allow code execution with the privileges of the affected product...

4.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/28 12:0 a.m.•2 views

ManageEngine EventLog Analyzer Cross Site Request Forgery

A cross site request forgery vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to insufficient input validation of parameters sent to event/userManagementForm.do. By convincing a user to follow a malicious link, a remote attacker can exploit this vulnerability to...

3.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/28 12:0 a.m.•3 views

Suspicious Hyperlink Mail Phishing Attempt

A common method for Phishing, used in malspam campaigns, is the use of hyperlinks inside such a seemingly valid entity, in order to direct the victim into a designated website controlled by the attacker or in order to make the user download malware such as Hancitor/Pony...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/28 12:0 a.m.•3 views

Suspicious PDF Comment Field

This protection detects suspicious content inside the comment field in PDF files...

2.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/25 12:0 a.m.•7 views

VMware JPEG2000 Stack Overflow (CVE-2015-2336)

A stack overflow vulnerability has been reported in multiple VMWare products, including VMware Workstation, Player, and Fusion, when processing JPEG2000 JPX files. A remote attacker can exploit this vulnerability to cause a denial of service condition or code execution on the host system...

5.8CVSS7.1AI score0.00747EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/25 12:0 a.m.•13 views

HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)

A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...

8.7CVSS6.3AI score0.03484EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/24 12:0 a.m.•4 views

Adobe Flash Player Heap Buffer Overflow (APSB15-14: CVE-2015-3113; CVE-2015-4432; CVE-2015-5118)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.3AI score0.9994EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/06/23 12:0 a.m.•3 views

Novell ZENworks Configuration Management Session ID Information Disclosure (CVE-2015-0784)

An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to exposure of insecure functionality within Rtrlet.class. A remote unauthenticated attacker can leverage this vulnerability to disclosure Session IDs of the logged in users which...

5CVSS2.2AI score0.0659EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/22 12:0 a.m.•1 views

PDF Containing Unsupported Filter

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader when handling PDF files that contain an unsupported filter. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file...

4.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/22 12:0 a.m.•1 views

PDF Containing Multiple Filters

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader when handling PDF files that contain multiple filters. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file...

6.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/21 12:0 a.m.•9 views

LANDesk Management Suite AMTVersion Cross-Site Scripting (CVE-2014-5360)

A cross-site scripting vulnerability exists in LANDesk Management Suite. The vulnerability is due to improper validation of a user-supplied parameter AMTVersion. A remote attacker could exploit this vulnerability by enticing a target user to view crafted web content...

4.3CVSS2.9AI score0.00991EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/06/18 12:0 a.m.•1 views

Shodan Scanner SIP Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/18 12:0 a.m.•1 views

Shodan Scanner ISAKMP Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/18 12:0 a.m.•5 views

Shodan Scanner GTP Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/18 12:0 a.m.•2 views

Shodan Scanner BACNET Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/18 12:0 a.m.•2 views

Shodan Scanner ENIP Request

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/15 12:0 a.m.•3 views

SAP NetWeaver Portal ConfigServlet Remote Command Execution

A remote command execution vulnerability has been reported in SAP NetWeaver. The vulnerability is due to insufficient validation in SAP ConfigServlet handling of incoming GET requests. By sending a specially-crafted GET request, an attacker could exploit this vulnerability to inject and execute...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/15 12:0 a.m.•7 views

Adobe Flash Player custom pageDomain (APSB15-11: CVE-2015-3102)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

5CVSS4.1AI score0.0241EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/14 12:0 a.m.•1 views

OsCommerce Configuration SQL Injection Attempt

An SQL injection vulnerability has been reported in OsCommerce Online Merchant. Successful exploitation of this vulnerability would allow a remote attacker to modify and pull confidential database information...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/14 12:0 a.m.•20 views

HTTP Methods (CAN-2003-0109; CVE-2007-1560; CVE-2015-1499)

...

8.5CVSS8.3AI score0.86396EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2015/06/14 12:0 a.m.•7 views

Oracle Java SE Ligature Substitution Glyph Storage Out Of Bounds Memory Access (CVE-2015-0469)

An out of bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to an issue with insufficient validation of an index value prior to array access. This can lead to an off by one condition in the glyphStorage heap array object. A remote unauthenticated...

10CVSS3.6AI score0.07224EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/11 12:0 a.m.•4 views

Adobe Flash Player Memory Leak (APSB15-11: CVE-2015-3108)

A memory leak vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Flash Player while handling specially crafted swf files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted swf...

5CVSS2.1AI score0.02443EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/10 12:0 a.m.•1 views

OsCommerce Cross-Site Request Forgery Administrator Creation

A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to create administrator users on the affected system...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/10 12:0 a.m.•1 views

OsCommerce Mail Cross-Site Scripting Attempt

A cross-site scripting vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to inject web script into the affected system...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1730)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.2939EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•2 views

OsCommerce Configuration Cross-Site Scripting

A cross-site scripting vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to inject web script into the affected system...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•2 views

Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1736)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7AI score0.19436EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/09 12:0 a.m.•3 views

Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1753)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15631EPSS
Exploits0
Total number of security vulnerabilities13538