Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/02/24 12:0 a.m.•5 views

Adobe Flash Player Heap Buffer Overflow (APSB15-04: CVE-2015-0327)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.3AI score0.0907EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/24 12:0 a.m.•7 views

Adobe Flash Player Buffer Overflow (APSB15-04: CVE-2015-0324)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a buffer overflow while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS2.7AI score0.0907EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/24 12:0 a.m.•5 views

Adobe Flash Player Null Pointer(APSB15-04: CVE-2015-0325)

A null pointer dereference issues vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS3.9AI score0.06282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/24 12:0 a.m.•4 views

Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0322)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS4.1AI score0.07271EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/24 12:0 a.m.•2 views

Adobe Flash Player Null Pointer Dereference (APSB15-04: CVE-2015-0326)

A null pointer dereference vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a null pointer dereference while accessing URLRequest object. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted file...

10CVSS2.2AI score0.06282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/23 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0321)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.06132EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/23 12:0 a.m.•6 views

ManageEngine ServiceDesk Plus User Privileges Bypass (CVE-2015-1480)

A policy bypass vulnerability exists in ManageEngine ServiceDesk Plus. The vulnerability is due to a design weakness when handling certain URLs which require administrative access. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to the target...

4CVSS3.5AI score0.06261EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/23 12:0 a.m.•7 views

Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0320)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS4.1AI score0.09983EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/23 12:0 a.m.•37 views

Microsoft Windows Group Policy Remote Code Execution (MS15-011; CVE-2015-0008)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. An attacker can exploit this vulnerability by convincing a victim with a...

8.3CVSS4.2AI score0.2858EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/02/22 12:0 a.m.•17 views

WordPress Image Metadata Cruncher Plugin Cross Site Request Forgery (CVE-2015-1614)

A cross-site request forgery CSRF vulnerability has been reported in WordPress Image Metadata Cruncher Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...

6.8CVSS3.4AI score0.01196EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/02/22 12:0 a.m.•6 views

WordPress Mobile Domain Plugin Cross Site Request Forgery (CVE-2015-1581)

A cross-site request forgery CSRF vulnerability has been reported in WordPress Mobile Domain Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...

6.8CVSS3AI score0.01001EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/20 12:0 a.m.•2 views

SuperFish Adware Root Certificate

SuperFish Adware is a software that uses SSL man-in-the-middle MitM technique in order to intercept SSL sessions and inject its own content into the session. Successful exploitation might result in disclosure of confidential or private information passed over the SSL channel, or in such informati...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•1 views

WordPress DesignFolio-Plus Theme Arbitrary File Upload

An unauthorized file upload vulnerability has been reported in WordPress DesignFolio-Plus Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•10 views

WordPress Redirection Page Plugin Cross Site Request Forgery (CVE-2015-1580)

A cross-site request forgery CSRF vulnerability has been reported in WordPress Redirection Page Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker controlled website...

6.8CVSS3.4AI score0.01001EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•2 views

WordPress Foxypress Plugin Unrestricted File Upload

An unauthorized file upload vulnerability has been reported in WordPress Foxypress Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•1 views

WordPress Infusionsoft Gravity Forms Add-on Plugin Unrestricted File Upload

An unauthorized file upload vulnerability has been reported in WordPress Infusionsoft Gravity Forms Add-on Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•37 views

WordPress Holding Pattern Theme Arbitrary File Upload (CVE-2015-1172)

An unauthorized file upload vulnerability has been reported in WordPress Holding Pattern Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...

7.5CVSS2.7AI score0.59254EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/02/19 12:0 a.m.•13 views

WordPress Fusion Theme Arbitrary File Upload (CVE-2015-2194)

An unauthorized file upload vulnerability has been reported in WordPress Fusion Theme. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...

6.5CVSS3.8AI score0.03189EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/18 12:0 a.m.•5 views

Adobe Flash Player Type Confusion Code Execution (APSB15-04: CVE-2015-0319)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...

10CVSS3.2AI score0.07788EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/17 12:0 a.m.•6 views

Adobe Flash Player Type Confusion Code Execution (APSB15-04: CVE-2015-0317)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...

10CVSS3.2AI score0.07788EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/17 12:0 a.m.•2 views

Google Email Application Header Parsing Denial Of Service

A vulnerability in the Google email application has been found. The vulnerability occurs when processing a malicious email message. An attacker can remotely perform a Denial Of Service attack by sending a specially crafted email...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/17 12:0 a.m.•9 views

PHP exif Extension exif_read_data NULL Pointer Dereference (CVE-2015-0232)

A code execution vulnerability exists in PHP's exif extension. The vulnerability is due to a NULL Pointer dereference inside the exifreaddata function. A remote attacker can exploit this vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP...

6.8CVSS4.7AI score0.16212EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/17 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0318)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.75781EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/02/16 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0316)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.06132EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/16 12:0 a.m.•18 views

PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to ...

7.5CVSS2.8AI score0.42593EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/02/16 12:0 a.m.•6 views

RPM Package Manager CPIO Header NameSize Integer Overflow (CVE-2014-8118)

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a...

10CVSS4.4AI score0.07611EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/15 12:0 a.m.•3 views

Schneider Electric ProClima MetaDraw ArrangeObjects Memory Corruption (CVE-2014-9188)

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to the dereferencing of an attacker supplied memory address by the MetaDraw ActiveX control's ArrangeObjects method. A remote unauthenticated attacker could exploit this vulnerability by...

9CVSS7AI score0.06121EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/15 12:0 a.m.•4 views

McAfee ePolicy Orchestrator XML Entity Injection (CVE-2015-0921)

An XML External Entity vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to an input validation error in the ePO-web application. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...

4CVSS6.3AI score0.17355EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/02/15 12:0 a.m.•3 views

Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0315)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS4.1AI score0.09619EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/15 12:0 a.m.•5 views

Oracle Java PhantomReference Use After Free (CVE-2015-0395)

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a use after free error when handling phantom object references in the Hotspot JVM garbage collector. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user...

9.3CVSS2.5AI score0.05909EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/15 12:0 a.m.•8 views

Wordpress Photo Gallery Plugin Unrestricted File Upload (CVE-2014-9312)

An unauthorized file upload vulnerability has been reported in Wordpress Photo Gallery Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to...

6.5CVSS4AI score0.45354EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2015/02/12 12:0 a.m.•10 views

Wordpress Survey And Poll Plugin SQL Injection (CVE-2015-2090)

An SQL injection vulnerability has been reported in Wordpress Survey and Poll Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.8AI score0.04737EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/02/12 12:0 a.m.•17 views

WordPress SEO by Yoast Plugin SQL Injection (CVE-2015-2292)

An SQL injection vulnerability has been reported in WordPress SEO by Yoast Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

6.5CVSS4.9AI score0.05785EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/02/12 12:0 a.m.•21 views

Wordpress Video Gallery Plugin SQL Injection (CVE-2014-9097)

An SQL injection vulnerability has been reported in Wordpress Video Gallery Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.3AI score0.05173EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/02/11 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB15-04: CVE-2015-0314)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.06367EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•2 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0040)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.30043EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0050)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.33463EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•10 views

Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)

A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization ASLR by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by...

4.3CVSS6.1AI score0.1616EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0043)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.16114EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•5 views

Microsoft Internet Explorer ASLR Bypass (MS15-009: CVE-2015-0051)

A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

4.3CVSS6.2AI score0.15458EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•4 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0048)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•4 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0049)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0035)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.16009EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0018)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0038)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•10 views

Microsoft Internet Explorer ASLR Bypass (MS15-009: CVE-2015-0071)

A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

4.3CVSS6.1AI score0.33581EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0046)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•6 views

Microsoft Windows TIFF Processing Information Disclosure (MS15-016; CVE-2015-0061)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles uninitialized memory when parsing specially crafted TIFF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

4.3CVSS5.7AI score0.18865EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•23 views

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0023)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.16584EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/02/10 12:0 a.m.•14 views

Microsoft Windows TrueType Font Parsing Remote Code Execution (MS15-010; CVE-2015-0059)

A remote code execution vulnerability exists in the Windows kernel-mode driver Win32k.sys. The vulnerability is caused when Windows kernel-mode driver improperly handles TrueType fonts. A remote attacker can exploit this issue by enticing a user to open a specially crafted TTF file...

6.9CVSS5.8AI score0.11104EPSS
Exploits0
Total number of security vulnerabilities13538