Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.23 views

MySQL yaSSL Certificate Packet Stack Overflow - Ver2 (CVE-2009-4484)

A buffer overflow vulnerability has been reported in MySQL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

7.5CVSS5.3AI score0.69552EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.10 views

Microsoft Internet Explorer EUC-JP Character Encoding Cross Site Scripting - Ver2 (CVE-2013-3192)

A universal cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that IE handles EUC-JP character encoding. A remote attacker could exploit this vulnerability by submitting specially crafted HTML code into a target web site that uses EUC-JP...

4.3CVSS5.8AI score0.11469EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.14 views

ISC BIND EDNS Option Processing Denial of Service - Ver2 (CVE-2014-3859)

A denial of service vulnerability has been reported in ISC BIND. The vulnerability is caused by an assertion failure when processing the EDNS option. A remote attacker may exploit this vulnerability by sending a specially crafted query to the affected servers. Successful exploitation would result...

5CVSS7.1AI score0.06978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.10 views

SOAPUI Remote Code Execution - Ver2 (CVE-2014-1202)

A code execution vulnerability has been reported in Eviware SoapUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS7.5AI score0.07673EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.21 views

Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow - Ver2 (CVE-2010-3974)

A heap buffer overflow vulnerability has been discovered in Microsoft Windows Fax Services. The Windows Fax Service is a component that allows a Windows system to act as a Fax server. One of the tools within this fax suite is the Fax Console, which allows a user to monitor the sending and receivi...

7.6CVSS7.5AI score0.18511EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.27 views

Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038) - Ver2 (CVE-2009-1545)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...

9.3CVSS7.6AI score0.28592EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.6 views

Apple Safari KWQListIteratorImpl HTML Tag Handling DoS - Ver2 (CVE-2006-1986)

A denial-of-service vulnerability has been reported in Apple Safari. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

7.5CVSS6.2AI score0.03678EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.8 views

Ultra Mini HTTPD Resource Name Request Handling Stack Buffer Overflow - Ver2 (CVE-2013-5019)

A buffer overflow vulnerability has been reported in Vector Ultra Mini HTTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

10CVSS3.3AI score0.64393EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.32 views

Internet Explorer HTML Help Remote Code Execution (MS05-001) - Ver2 (CVE-2004-1043)

Microsoft Internet Explorer executes with the concept of security zones, which enables the browser to apply different security policies based on the origin of the file that is being rendered. For instance, separate restrictions may be set for remote content and for local content. As a rule,...

5CVSS1AI score0.44984EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.22 views

Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)

A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...

10CVSS6.6AI score0.75116EPSS
Exploits16
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.14 views

Zavio IP Camera Firmware 1603 OS Command Injection - Ver2 (CVE-2013-2570)

A command injection vulnerability has been reported in Zavio F3105 and F312A IP cameras. The vulnerability is due to an input passed via the 'General.Time.NTP.Server' function, when parameter is not properly sanitized upon submission to the subC8C8 function in /opt/cgi/view/param. Successful...

7.5CVSS4.5AI score0.26582EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.27 views

Internet Explorer DHTML Object Memory Corruption (MS05-020) - Ver2 (CVE-2005-0553)

The Microsoft Internet Explorer application is primarily used for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. This application has a built in functionality to interpret JavaScript and VBScript code. It is also capable of using the Document...

5.1CVSS7.4AI score0.50604EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.14 views

Lotus Notes URI Handler Argument Injection - Ver2 (CVE-2004-0480)

A code execution vulnerability has been reported in IBM Lotus Notes. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS4.9AI score0.08647EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.4 views

Dnsmasq Malicious BLKSIZE Option NULL Dereference Denial of Service (CVE-2009-2958)

A denial-of-service vulnerability has been reported in Thekelleys Dnsmasq. The vulnerability is due to a NULL pointer dereference in the tftprequest function inside src/ftpd.c. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on t...

4.3CVSS3.8AI score0.10382EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.3 views

PHP Exif Header Parsing Integer Overflow - Ver2 (CVE-2011-4566)

An integer overflow vulnerability has been reported in PHP. The vulnerability is due to lack of EXIF data validation. A Remote attacker could exploit this vulnerability by uploading a specially crafted image to the target server. Successful exploitation could result in sensitive information...

6.4CVSS3.6AI score0.06674EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.9 views

Microsoft Windows Task Scheduler Buffer Overflow attack - Ver2 (CVE-2004-0212)

A buffer overflow vulnerability has been reported in Microsoft Windows. A remote attacker can cause arbitrary code execution resulting in a loss of integrity using a specially crafted .job file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code ...

10CVSS7.7AI score0.66952EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.33 views

Oracle GlassFish Server Administration Console Authentication Bypass - Ver2 (CVE-2011-1511)

An authentication bypass vulnerability has been reported in the administration console of Oracle GlassFish. The vulnerability is due to an error while processing HTTP TRACE requests. A remote attacker can exploit this vulnerability by sending a crafted TRACE request to the target. Successful...

6.4CVSS6.3AI score0.14646EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.5 views

Interactive Data eSignal Listener Buffer Overflow - Ver2 (CVE-2004-1868)

eSignal is a real-time market data and support tool provided by Interactive Data Corporation. The product supplies financial market data and more for traders over the internet. To facilitate the receipt of incoming data, eSignal opens a local, listening socket on TCP Port 80. There exists a buffe...

7.5CVSS6.5AI score0.06708EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.14 views

Microsoft Word RTF Object Parsing Memory Corruption (MS08-072) - Ver2 (CVE-2008-4030)

Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...

9.3CVSS7.2AI score0.2339EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.12 views

Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032) - Ver2 (CVE-2004-0209)

The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...

10CVSS2AI score0.62054EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.14 views

Internet Explorer Malformed GIF File Double Free (MS04-025) - Ver2 (CVE-2003-1048)

The Graphics Interchange Format GIF defines a file format intended for the on-line transmission and interchange of raster graphic data. It uses the LZW compression algorithm to minimize file sizes. A double free vulnerability exists in the way Microsoft Internet Explorer handles images of the GIF...

10CVSS7.1AI score0.26628EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.10 views

Microsoft HSC URL RemoteCodeExecution (MS04-011) - Ver2 (CVE-2003-0907)

A vulnerability exist in the way Help and Support Center HSC validates URLs with the scheme hcp://. There is a vulnerability in the way the Microsoft Help and Support Center processes URL strings. The vulnerability could be exploited to run malicious JavaScript code in the security context of "My...

5.1CVSS6.1AI score0.21852EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/25 12:0 a.m.3 views

Adobe Flash Player Cross Domain Policy Bypass (APSB15-05: CVE-2015-0340)

Adobe Flash Player is vulnerable to a cross domain policy bypass. If a maliciously crafted file is opened on the target computer, it could initiate a file upload without a user initiated action and to another domain without verifying the cross domain policy...

5CVSS2.6AI score0.03412EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/25 12:0 a.m.22 views

Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious HTTP request containing a specially crafted parameter to the target server...

9CVSS8.4AI score0.50324EPSS
Exploits10
Check Point Advisories
Check Point Advisories
added 2015/03/24 12:0 a.m.0 views

Domain Name Fake SSL Certificate

A vulnerability has been discovered in the way Microsoft Windows handles digital certificates. The vulnerability is due to an improperly issued SSL certificate for the domain “live.ly”. Successful exploitation could allow a remote attacker to perform a man-in-the-middle attack on the remote host...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/24 12:0 a.m.2 views

Adobe Flash Player Use After Free Remote Code Execution (APSB15-05: CVE-2015-0341)

A Use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error while handling nested objects in the swf file. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted swf file, that can lead to execute...

10CVSS3.3AI score0.07002EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/23 12:0 a.m.3 views

Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0337)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

5CVSS4.4AI score0.0442EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/23 12:0 a.m.5 views

Adobe Flash Player Integer Overflow Remote Code Execution (APSB15-05: CVE-2015-0338)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a design flaw that could lead to integer overflow. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...

10CVSS4.7AI score0.07002EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/23 12:0 a.m.3 views

Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0333)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05511EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/23 12:0 a.m.3 views

Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0339)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05511EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/23 12:0 a.m.4 views

Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0332)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted MP4 file. A remote attacker can exploit this issue and lead to code execution...

10CVSS6.1AI score0.05975EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/22 12:0 a.m.5 views

Adobe Flash Player Type Confusion Code Execution (APSB15-05: CVE-2015-0334)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...

9.3CVSS3.2AI score0.05687EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/22 12:0 a.m.8 views

Microsoft PowerPoint Malformed Record Code Execution (MS06-058) - ver 2 (CVE-2006-4694)

A memory corruption vulnerability has been reported in Microsoft PowerPoint. The flaw is caused by an insufficient checks of a malformed record contained within a PowerPoint file. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the...

9.3CVSS7AI score0.12458EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2015/03/19 12:0 a.m.1 views

Shodan.io Internet Of Things Portal

Shodan is a search engine for Internet-connected devices, which may be used to discover vulnerable devices connected to the Internet, as a preliminary stage before launching an attack...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/18 12:0 a.m.0 views

Acunetix Web Scanner

Acunetix is a vulnerability scanning product. Remote attackers can use Acunetix to detect vulnerabilities on a target server...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/18 12:0 a.m.3 views

Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)

A security bypass vulnerability has been reported in Mozilla Firefox browser. The vulnerability is due to a weakness in the WebRTC protocol. The vulnerability can be exploited through the use of a man-in-the-middle attack. Successful exploitation would allow attackers to decrypt online traffic...

4.3CVSS8.8AI score0.01259EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/18 12:0 a.m.1 views

Masscan Port Scanner

Masscan is a port scanning product. Use of this product might indicate an attempt to collect data regarding the target network, and use it for future attacks...

1.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/16 12:0 a.m.10 views

HappyMall E-Commerce Software Member_HTML.CGI Command Execution (CVE-2003-0243)

A command Execution Vulnerability has been reported in HappyMall E-Commerce Software. The vulnerability is due to improper filtering of the normalhtml.cgi / memberhtml.cgi scripts, while passing pipe and semi-colon characters in the URL. A remote attacker can create a specially crafted URL to cau...

7.5CVSS5.2AI score0.03461EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/16 12:0 a.m.15 views

AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

7.5CVSS4AI score0.01954EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/16 12:0 a.m.5 views

Jays Shell Booter Denial of Service Tool

Jays Shell Booter is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot b...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/16 12:0 a.m.3 views

FireFlood Denial of Service Tool

FireFlood is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive. Note: This protection is supported from version R75.40VS and above and cannot be enforc...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/12 12:0 a.m.5 views

WordPress Contact Form DB Plugin Cross-Site Scripting (CVE-2015-2040)

A cross-site scripting vulnerability has been reported in WordPress Contact Form DB Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.8AI score0.01633EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2015/03/11 12:0 a.m.1 views

JavaScript String Inflation Evasion

An attacker might utilize various evasion technique in order to evade detection by IPS devices...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/11 12:0 a.m.1 views

JavaScript String Dissection Evasion

An attacker might utilize various evasion technique in order to evade detection by IPS devices...

2.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/11 12:0 a.m.1 views

JavaScript String Reversal Evasion

An attacker might utilize various evasion technique in order to evade detection by IPS devices...

2.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/11 12:0 a.m.0 views

JavaScript Data Encoding Evasion

An attacker might utilize various evasion technique in order to evade detection by IPS devices...

2.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/10 12:0 a.m.0 views

Wordpress Reflex Gallery Plugin Arbitrary File Upload

An unauthorized file upload vulnerability has been reported in Wordpress Reflex Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/10 12:0 a.m.9 views

Microsoft Word Local Zone Remote Code Execution (MS15-022; CVE-2015-0097)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted office...

9.3CVSS4.8AI score0.40942EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2015/03/10 12:0 a.m.8 views

Microsoft Office Component Use After Free (MS15-022: CVE-2015-0085)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS7AI score0.18825EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/03/10 12:0 a.m.7 views

Microsoft Exchange Forged Meeting Request Spoofing (MS15-026; CVE-2015-1631)

A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server fails to properly validate meeting organizer identity when accepting or modifying meeting requests. A remote attacker can exploit this issue by sending a specially crafted...

5CVSS2.5AI score0.09146EPSS
Exploits0
Total number of security vulnerabilities13538