Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•6 views

OpenSSL ClientHello signature_algorithms Extension Denial of Service (CVE-2015-0291)

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference when an OpenSSL server application, during renegotiation, receives and processes an invalid signaturealgorithms extension in a Client Hello handshake message. A remote, unauthenticated...

5CVSS3AI score0.08055EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS15-032 : CVE-2015-1661)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.3CVSS7AI score0.14728EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•3 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1667)

A Remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to A flaw in Internet Explorer in which a CMapStringToPtr object is written to after being released. A remote attacker can exploit this issue by enticing a victim to view a specially...

9.3CVSS6.8AI score0.13021EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•24 views

Microsoft Windows HTTP.sys Remote Code Execution (MS15-034: CVE-2015-1635)

A remote code execution vulnerability has been reported in Windows OS. The vulnerability is due to an error in the way HTTP.sys handles a malicious HTTP header. Successful exploitation would result in a remote code execution...

10CVSS1.6AI score0.99999EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•11 views

Microsoft Office Component Use After Free (MS15-033: CVE-2015-1650)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS7AI score0.29022EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•18 views

ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)

A cross-site scripting vulnerability has been reported in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the zone variable in the statuscaptiveportal page. A remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user...

4.3CVSS2.5AI score0.24167EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•12 views

Microsoft SharePoint Cross-site Scripting (MS15-036; CVE-2015-1653)

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...

4.3CVSS2.6AI score0.08863EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•4 views

Microsoft XML Core Services (MSXML) (MS15-039: CVE-2015-1646)

A security feature bypass vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to a flaw that allows external entities in XML documents to be expanded into different-origin web site contents or local file contents. A remote attacker can exploit this issue...

4.3CVSS6AI score0.16975EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•9 views

Microsoft Office Memory Corruption (MS15-033: CVE-2015-1641)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS9.1AI score0.97327EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•13 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1668)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15789EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•21 views

Microsoft Windows MS-DOS Device Name Elevation of Privilege (MS15-038; CVE-2015-1644)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Microsoft Windows fails to properly validate and enforce impersonation levels. A remote attacker can exploit this issue by logging on to the system and running a specially crafted application...

7.2CVSS5.9AI score0.01755EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1657)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13021EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•7 views

Microsoft Office Component Use After Free (MS15-033: CVE-2015-1649)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is triggered when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS6.9AI score0.25741EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•1 views

HTTP Suspicious SMB Redirection

A vulnerability has been discovered in the way numerous Windows-based applications follow HTTP redirection messages. By enticing a user to connect to a malicious Web server or by using Man in the Middle techniques, an attacker might cause a vulnerable application to initiate an SMB connection to ...

0.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•13 views

PHP Group PHP ZIP Integer Overflow (CVE-2015-2331)

A heap buffer overflow vulnerability exists in PHP. The vulnerability is due to an integer overflow in the libzip component of PHP. A remote attacker can exploit this vulnerability by sending a crafted ZIP archive to a web application running a vulnerable version of PHP. A successful attack can...

7.5CVSS3.3AI score0.27869EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1660)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13021EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•10 views

Microsoft ASP.NET Information Disclosure (MS15-041; CVE-2015-1648)

An information disclosure vulnerability exists in Microsoft .NET Framework. The vulnerability is due to improper requests sanitization on servers with error messages disabled. A remote attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server...

2.6CVSS5.7AI score0.34855EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1659)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS9.1AI score0.15789EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•8 views

Microsoft Office Component Use After Free (MS15-033: CVE-2015-1651)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is triggered when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS6.9AI score0.16593EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1666)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.13021EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•18 views

Microsoft Internet Explorer Memory Corruption (MS15-032: CVE-2015-1652)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15789EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/14 12:0 a.m.•18 views

Microsoft Windows EMF Processing Remote Code Execution (MS15-035; CVE-2015-1645)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly processes specially crafted Enhanced Metafile EMF image format files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted EMF...

9.3CVSS4.3AI score0.25451EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/13 12:0 a.m.•4 views

PHP Web Shells Malicious Known Variables

There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/13 12:0 a.m.•24 views

Microsys Promotic PmBase64Decode Buffer Overflow (CVE-2014-9205)

A stack-based buffer overflow vulnerability exists in Microsys's Promotic. The vulnerability is due to an insufficient boundary check on user-supplied data in the PmBase64Decode function. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted base64...

7.5CVSS4.8AI score0.0484EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/12 12:0 a.m.•7 views

Multiple SolarWinds Orion GetAccounts SQL Injections (CVE-2014-9566)

Multiple SQL injection vulnerabilities have been reported in SolarWinds products. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccounts. Remote attackers could exploit this vulnerability by sending HTTP requests with a crafted dir or sort...

7.5CVSS2.3AI score0.47749EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/04/08 12:0 a.m.•5 views

Linux Kernel SCTP Chunk Parameter Padding Denial of Service (CVE-2014-3673)

A denial of service vulnerability has been reported in the SCTP networking module of the Linux kernel. The vulnerability is due to an error while processing crafted chunks. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A...

7.8CVSS3.2AI score0.07461EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/04/07 12:0 a.m.•11 views

DIY CMS 1.0 Poll - Multiple Vulnerabilities (CVE-2012-6518)

Multiple web vulnerabilities were discovered in DIY v1.0 Content Management System. The vulnerabilities are due to improper input validation within several methods. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary SQL commands which can result in the...

6.8CVSS3.2AI score0.01302EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/04/07 12:0 a.m.•24 views

WebGate Multiple Products WESPMonitor Stack Buffer Overflow (CVE-2015-2097)

A stack buffer overflow vulnerability exists in multiple products of WebGate. The vulnerability is due to insufficient boundary checks when processing parameters of methods LoadImage and LoadImageEx of the WESPMONITORLib.WESPMonitorCtrl ActiveX control. A remote attacker could exploit this...

7.5CVSS4.6AI score0.2414EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•1 views

VSFTPD Invalid User Name Code Execution

An attacker might use a malicious backdoor that was added to the VSFTPD download archive. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•7 views

SolarWinds Server and Application Monitor loadExtensionFactory Stack Buffer Overflow (CVE-2015-1500)

A stack buffer overflow vulnerability exists in SolarWinds Server and Application Monitor. The vulnerability is due to insufficient validation in loadExtensionFactory method of a 'factory' object. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a...

6.8CVSS4AI score0.08165EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•29 views

Apache Qpid Session.gap Denial of Service - ver 2 (CVE-2015-0203)

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...

4CVSS4.2AI score0.08682EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•6 views

HP Point of Sale OPOS Driver OPOSPOSKeyboard.ocx Open Method Buffer Overflow (CVE-2014-7891)

A buffer overflow vulnerability exists in the OPOSPOSKeyboard.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user controller data to the Open method.A remote, unauthenticated attacker can exploit this vulnerability by...

10CVSS7.3AI score0.10349EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•4 views

SolarWinds Server and Application Monitor loadExtensionFactory Code Execution (CVE-2015-1501)

A code execution vulnerability exists in SolarWind Server and Application Monitor. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a malicious website. Successful exploitation could allow arbitrary code execution within security context of the...

6.8CVSS3.8AI score0.07047EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•24 views

Apache Qpid Session.gap Denial of Service (CVE-2015-0203)

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap...

4CVSS4.6AI score0.08682EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•14 views

WordPress Download Manager Plugin Privilege Escalation (CVE-2014-9260)

A privilege escalation vulnerability has been found in WordPress Download Manager Plugin. An authenticated remote attacker may leverage this vulnerability to gain administrative access to the vulnerable server...

6.5CVSS4.8AI score0.11059EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/04/06 12:0 a.m.•6 views

ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560)

An access control weakness vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to design error in limiting the admin's password reset functionality to authorized admin users only. This allows any remote unauthenticated users to access the administrative control panel of...

5CVSS9.1AI score0.15613EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/04/05 12:0 a.m.•19 views

Eclipse Foundation Jetty Web Server HttpParser Remote Information Disclosure (CVE-2015-2080)

An information disclosure vulnerability exists in Eclipse Foundation Jetty Web Server. The vulnerability is due to improper parsing of HTTP requests that can lead to information disclosure via HTTP responses from the server. A remote attacker can exploit this vulnerability by sending HTTP request...

5CVSS0.9AI score0.74881EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2015/04/05 12:0 a.m.•2 views

Bull-Dosa Denial of Service Tool

Bull-Dosa is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple packets that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be enforced by...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/05 12:0 a.m.•1 views

Torshammer Denial of Service Tool

Torshammer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/05 12:0 a.m.•2 views

DarkMagic Flooder Denial of Service Tool

DarkMagic Flooder is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple packets that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/04/01 12:0 a.m.•0 views

PHP DateTimeZone Object timezone Unserialize Type Confusion

A code execution vulnerability has been reported in PHP. The vulnerability is due to a type confusion error when handling serialized DateTimeZone objects within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application runnin...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/31 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0031)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/30 12:0 a.m.•12 views

SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass (CVE-2015-2284)

A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this...

10CVSS2.7AI score0.74054EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/03/30 12:0 a.m.•11 views

HP Point of Sale OPOS Driver opostoneindicator.ocx Open Method Stack Buffer Overflow (CVE-2014-7890)

A buffer overflow vulnerability exists in the opostoneindicator.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user supplied parameter value to the Open method. A remote, unauthenticated attacker can exploit this...

10CVSS6.8AI score0.10349EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/30 12:0 a.m.•16 views

Oracle Data Quality LoaderWizard DataPreview Type Confusion (CVE-2015-0446)

A remote code execution vulnerability has been reported in Oracle Data Quality LoaderWizard DataPreview method contained in the TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to type confusion when handling data passed to it. A remote attacker can exploit this vulnerability b...

6.8CVSS7.3AI score0.0189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/29 12:0 a.m.•21 views

Samsung iPOLiS Device Manager WriteConfigValue Stack Buffer Overflow (CVE-2015-0555)

A stack-based buffer overflow vulnerability exists in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation of a parameter passed to WriteConfigValue of the XnsSdkDeviceIpInstaller ActiveX control. A remote attacker can exploit this vulnerability by enticing a...

6.8CVSS4.2AI score0.06388EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2015/03/29 12:0 a.m.•3 views

Schneider Electric Pelco DS-NVs Rvctl.RVControl Buffer Overflow (CVE-2015-0982)

A buffer overflow vulnerability exists in Schneider Electric Pelco DS-NV Software package. The vulnerability is due to insufficient input validation on a user-supplied input in the SetText method before it is copied into a fixed length buffer on stack. A remote unauthenticated attacker can exploi...

7.5CVSS3AI score0.0356EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/03/29 12:0 a.m.•8 views

Microsoft PowerPoint Malformed Record Code Execution (MS06-058; CVE-2006-4694)

Microsoft PowerPoint is a popular presentation application that is usually released as part of the Microsoft Office suite. The application can create complex presentations using graphics, video and sound. The common extension used for Microsoft PowerPoint documents is .ppt. There exists a memory...

9.3CVSS7.3AI score0.12458EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•2 views

Knet Web Server HTTP Request Denial of Service - Ver2 (CVE-2005-0575)

A denial-of-service vulnerability has been reported in Stormy Studios Knet. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

7.5CVSS2.5AI score0.07772EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/03/26 12:0 a.m.•3 views

Apple Mac OS X Multiple Vulnerabilities - Ver2 (CVE-2013-5135)

Multiple Vulnerabilities exist in Apple Mac OS X. A remote attacker could exploit these vulnerabilities by executing arbitrary code, disclosing information, creating denial of service or bypassing policies on a vulnerable system...

7.5CVSS3.9AI score0.10833EPSS
Exploits0
Total number of security vulnerabilities13538