Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/06/02 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3090)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted swf file. A remote attacker can exploit this issue and lead to code execution...

10CVSS5.9AI score0.87303EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•1 views

Web Clients HTTP URL DOM Entity Cross-Site Scripting

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•1 views

Web Clients HTTP URL HTML Entity Cross-Site Scripting

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•1 views

Web Clients HTTP URL Escape Sequence Cross-Site Scripting

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•1 views

Web Clients HTTP URL Redirect Cross-Site Scripting

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...

1.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•3 views

DNS Tunneling

DNS Tunneling is used to pass non-DNS information using DNS messages, which are normally allowed by security devices. Malicious users or malware may use DNS tunnels to bypass inspection by the security gateway. This protection is only applicable for IPS gateway version R77.30 and above. See...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•11 views

Adobe Acrobat And Reader JavaScript API code execution (APSB15-10: CVE-2015-3074)

A Restrictions Bypass Privileged JavaScript API Execution Vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the use of trusted function which provides certain privileges that allows overwriting objects. A remote attacker can exploit this vulnerability by enticing the...

10CVSS6.8AI score0.09917EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/06/01 12:0 a.m.•22 views

Web Clients HTTP URL JavaScript Function Cross-Site Scripting (CVE-2015-1159; CVE-2015-6099; CVE-2015-6972; CVE-2017-0068)

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...

4.3CVSS1.5AI score0.47738EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/05/31 12:0 a.m.•5 views

Adobe Reader and Acrobat Memory Leak (APSB15-10: CVE-2015-3058)

A memory leak vulnerability has been reported in Adobe Reader. The vulnerability is due to an error in Adobe Reader while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a malicious website containing a specially crafted PDF file...

5CVSS6.1AI score0.09764EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/31 12:0 a.m.•5 views

Adobe Acrobat And Reader Use-After-Free (APSB15-10: CVE-2015-3075)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS6.1AI score0.09304EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/28 12:0 a.m.•2 views

Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3070)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.6AI score0.12208EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/26 12:0 a.m.•2 views

Suspicious Link Redirection Mail Phishing Attempt

Several mail phishing campaigns use embedded redirection links to lure the victim user to download malicious files...

1.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/26 12:0 a.m.•2 views

Non Compliant UUencoded SMTP

Unexpected characters in UUencoded SMTP data which cannot be decoded might indicate an attempt to attack the mail server...

3.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/26 12:0 a.m.•8 views

Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3069)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...

10CVSS7AI score0.09917EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/26 12:0 a.m.•20 views

Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3064; CVE-2015-3061; CVE-2015-3063)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...

10CVSS7AI score0.09917EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/25 12:0 a.m.•16 views

Adobe Acrobat and Reader API Calls Code Execution (APSB15-10: CVE-2015-3062; CVE-2015-3060)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, that could lead to bypass restrictions. A remote attacker can exploit this issue by enticing a target user to open a specially craft...

10CVSS7AI score0.09917EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/25 12:0 a.m.•12 views

Adobe Acrobat And Reader Use-After-Free (APSB15-10: CVE-2015-3059)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitatio...

10CVSS6.9AI score0.10343EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/24 12:0 a.m.•1 views

TEST title this is test

...

0.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/21 12:0 a.m.•5 views

Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3057)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected versio...

10CVSS6.4AI score0.12127EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/21 12:0 a.m.•9 views

Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008; CVE-2015-3455)

A policy bypass vulnerability exists in multiple products. The vulnerability is due to incorrectly validating the common name in a certificate. It can be exploited by using a NULL character after the portion of the common name that the product expects. By exploiting this vulnerability, a remote...

4.3CVSS2.6AI score0.46156EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•3 views

Adobe Flash Player Domain Policy Bypass (APSB15-10: CVE-2015-3079)

Adobe Flash Player is vulnerable to a cross domain policy bypass. If the victim opens a maliciously crafted file using certain URL schemes, the file could cause a privilege escalation and allow unlimited cross-domain access...

5CVSS3.1AI score0.0521EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•0 views

WordPress Broken Link Checker Plugin Cross-Site Scripting

A cross-site scripting vulnerability has been reported in WordPress Broken Link Checker plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•0 views

WordPress Download Manager Plugin Information Disclosure

An information disclosure vulnerability has been reported in WordPress Download Manager plugin. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to information disclosure...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•4 views

Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3056)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected versio...

10CVSS6.4AI score0.12127EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3078)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted mp4 file...

10CVSS4.5AI score0.05307EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB15-10: CVE-2015-3050)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.4AI score0.12208EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/20 12:0 a.m.•14 views

TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)

A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...

5CVSS0.8AI score0.9986EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/19 12:0 a.m.•2 views

ACE Files

ACE is a data compression format used for archiving, which consists of blocks of various types and sizes. An attacker may use the compressed ACE format in order to bypass inspection by network security devices, which will not be able to inspect the original content that is being transferred...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•3 views

Multiple AntiVirus Products ZIP File Scan Evasion Security Bypass - Ver2 (CVE-2012-1462)

A security bypass vulnerability has been reported in multiple products. An attacker could exploit this vulnerability via a ZIP file containing an invalid block of data at the beginning. Successful exploitation of this vulnerability would allow remote attackers to bypass malware protection and...

4.3CVSS3.7AI score0.97903EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•3 views

Adobe Acrobat PDF File Array Type Error Memory Corruption (APSB12-16) - Ver2 (CVE-2012-4147)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to memory corruption while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file with an affected versi...

10CVSS3AI score0.07532EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•12 views

Microsoft .NET Framework Entity Expansion Denial of Service (MS13-082) - Ver2 (CVE-2013-3860)

A denial of service vulnerability exists in the .NET Framework. The vulnerability is caused when the .NET Framework attempts to parse a specially crafted document type definition DTD for XML data when an XML digital signature is validated. An attacker who successfully exploited this vulnerability...

7.8CVSS6AI score0.31646EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•27 views

Norton Internet Security NBNS Response Processing Stack Overflow - Ver2 (CVE-2004-0444)

Norton Internet Security is a security solution produced by Symantec corporation. If the Firewall component allows traffic on port 137/UDP, this traffic will be parsed as NetBIOS Name Service messages. There exists a vulnerability in the Symantec Firewall product line. A specially crafted NetBIOS...

10CVSS3.6AI score0.12798EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•14 views

Oracle Secure Backup Administration property_box.php Command Injection - Ver2 (CVE-2010-0899)

Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allows for single point of management of data present on network attached storage NAS devices and distributed hosts which may have different operating systems. The data in transit is kept secure ...

9CVSS7.4AI score0.02243EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•16 views

Microsoft Windows NT 4.0 DHCP Server Request Buffer Overflow attack - Ver2 (CVE-2004-0900)

A buffer overflow vulnerability has been reported in Microsoft Windows NT. An attacker could exploit this vulnerability via a malformed DHCP message. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application...

10CVSS7.4AI score0.26041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•11 views

Novell GroupWise Internet Agent iCalendar Parsing Denial of Service - Ver2 (CVE-2011-3827)

A denial-of-service vulnerability has been reported in Novell GroupWise Internet Agent. The vulnerability is due to insufficient validation of certain data when parsing a received iCalendar message. An attacker could exploit this vulnerability by enticing a target user to open a specially crafted...

4.3CVSS4.6AI score0.03694EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•11 views

Microsoft Windows AVI File Data Validation Integer Overflow (MS09-038) - Ver2 (CVE-2009-1546)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF.This file type used with applications that capture, edit, and play back audio-video sequences. The vulnerability is due to an error in the Windows component responsible for processing AVI files that does not...

8.5CVSS7.2AI score0.22464EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•22 views

Microsoft Visual Studio WMI Object Code Execution (MS06-073) - Ver2 (CVE-2006-4704)

A remote code execution vulnerability exists in Microsoft Visual Studio 2005. Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications,...

6.8CVSS7.4AI score0.42846EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•21 views

HP Intelligent Management Center img Buffer Overflow - Ver2 (CVE-2011-1848)

HP Intelligent Management Center IMC is a stand-alone, comprehensive management platform developed by HP that delivers integrated and modular network management capabilities. IMC Enterprise Edition is designed on a service-oriented architecture SOA using a business application flow model as the...

10CVSS2.5AI score0.12855EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS13-088: CVE-2013-3871) - Ver2

A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...

9.3CVSS7.4AI score0.21235EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•7 views

Cisco Secure ACS EAPTLS Authentication Bypass - Ver2 (CVE-2004-1099)

An authentication bypass vulnerability has been reported in Cisco Secure Access Control Server Solution Engine, Cisco Secure ACS Solution Engine and Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized...

10CVSS4AI score0.10195EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•11 views

Adobe Shockwave Player Chunk Parsing Out of Bounds (APSB12-13) - Ver2 (CVE-2012-2031)

A remote code execution vulnerability has been reported in Adobe Shockwave player. The vulnerability is due to a memory corruption error while parsing crafted data in an rcsL chunk within a DIR media file. A remote attacker can exploit this issue by enticing a target user to open a specially...

10CVSS7.6AI score0.18339EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•9 views

Microsoft Office Graphics Image Filter WPG Heap Overflow - Ver2 (CVE-2008-3460)

A buffer overflow vulnerability has been reported in Microsoft Works, Microsoft Office Converter Pack and Microsoft Office. An attacker could exploit this vulnerability via a crafted WPG file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...

9.3CVSS7.4AI score0.32172EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•6 views

Linksys WRH54G HTTP Management Interface DoS Code Execution - Ver2 (CVE-2008-2636)

A code execution vulnerability has been reported in Cisco Linksys Wrh54g Router. An attacker could exploit this vulnerability via a URI that begins with a ". Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.8CVSS3.7AI score0.03403EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•9 views

Microsoft Excel File Format Code Execution (MS12-030) - Ver2 (CVE-2012-0141)

A remote code execution vulnerability has been reported in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel handles memory when opening specially crafted Excel files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted Exc...

9.3CVSS7AI score0.21769EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•24 views

Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)

Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...

9.3CVSS3.6AI score0.22364EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•23 views

PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)

A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...

7.5CVSS2.6AI score0.53166EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•13 views

Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052) - Ver2 (CVE-2008-3014)

Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap information. A remote code execution vulnerability has been discovered in the way GDI+ allocates memory for WMF image files. The vulnerability is d...

9.3CVSS7.3AI score0.36722EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•18 views

Microsoft PowerPoint OfficeArt Atom Remote Code Execution (MS11-022) - Ver2 (CVE-2011-0976)

A remote code execution vulnerability has been identified in Microsoft PowerPoint. Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability...

9.3CVSS7.1AI score0.25459EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•12 views

Novell CASA PAM Module Stack Buffer Overflow - Ver2 (CVE-2006-0736)

A buffer overflow vulnerability has been reported in Novell's CASA. The vulnerability is due to a boundary error in the CASA PAM handler 'pammicasa' authentication module. A remote attacker can exploit this vulnerability by gaining root access to any machine with CASA installed...

10CVSS3.9AI score0.06891EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•13 views

ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution - Ver2 (CVE-2011-4535)

A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer. The vulnerability is due to a boundary check error. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ZIP archive file with the affected product. Successful...

6.8CVSS4.7AI score0.27003EPSS
Exploits1
Total number of security vulnerabilities13538