Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•17 views

Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)

A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...

6.5CVSS1.9AI score0.02717EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•19 views

Microsoft Host Integration Server Remote Command Execution (MS08-059) - Ver2 (CVE-2008-3466)

Microsoft Host Integration Server HIS is a gateway application that provides host access and integration, extending Microsoft Windows to other systems by integrating mission-critical host applications, data sources, messaging, and security systems. . A remote code execution vulnerability has been...

10CVSS7.6AI score0.77741EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•10 views

Microsoft Graphics Device Interface Integer Overflow - Ver2 (CVE-2013-3940)

An integer overflow vulnerability has been reported in the way that the Windows Graphics Device Interface GDI processes specially crafted image files. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted Windows Write file. Successful exploitation of this...

9.3CVSS5.5AI score0.34452EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•10 views

Firefox Protocol Handler Code Execution - Ver2 (CVE-2007-3845)

A code execution vulnerability has been reported in Mozilla Firefox, Mozilla Thunderbird and Mozilla SeaMonkey. An attacker could exploit this vulnerability via certain vectors associated with launching a file handling program based on the file extension at the end of the URI a variant of...

9.3CVSS3.7AI score0.19655EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•13 views

RealNetworks RealPlayer MPG Width Integer Underflow Memory Corruption - Ver2 (CVE-2011-4259)

A memory corruption vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to an integer underflow condition caused while handling MPEG-2 files with a specially crafted width parameter. An attacker could exploit this vulnerability by enticing a target user to open a...

9.3CVSS7.2AI score0.03017EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•26 views

Dlink IP Camera Luminance Information Disclosure - Ver2 (CVE-2013-1601)

An information disclosure vulnerability has been reported in Multiple D-Link IP Cameras. An attacker could exploit this vulnerability via direct requests for the md/lums.cgi. Successful exploitation of this vulnerability could allow a remote attacker to gain access to ASCII output of the live vid...

5CVSS3.2AI score0.12728EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•23 views

IBM Informix Dynamic Server Long Username Authentication Error Stack Overflow - Ver2 (CVE-2006-3854)

A buffer overflow vulnerability has been reported in IBM Informix Dynamic Database Server. An attacker could exploit this vulnerability via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. Successful exploitation of this vulnerability could all...

7.5CVSS4.6AI score0.0354EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•5 views

Microsoft Excel Obj BIFF Record Boundary Access (MS11-045) - Ver2 (CVE-2011-1272)

Microsoft Excel is a popular spreadsheet application. A vulnerability has been identified in Microsoft Excel. A remote attacker could exploit this issue via a malformed Excel file. A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. ...

9.3CVSS6.9AI score0.17592EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•17 views

Microsoft Scripting Runtime Object Library Use-After-Free Code Execution (MS13-099) - Ver2 (CVE-2013-5056)

A remote code execution vulnerability has been reported in the Microsoft Scripting Runtime Object Library. The vulnerability is caused due to an error in the way Microsoft Scripting Runtime Object Library handles objects in memory. A remote attacker can exploit this issue by enticing a user to op...

9.3CVSS6.7AI score0.20353EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•18 views

DameWare Mini Remote Control Service Username Overflow Buffer Overflow - Ver2 (CVE-2005-2842)

A buffer overflow vulnerability has been reported in Dameware Development Mini Remote Control Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

7.5CVSS5.6AI score0.21123EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•31 views

EMC Replication Manager Command Execution - Ver2 (CVE-2011-0647)

A command execution vulnerability has been reported in Emc Replication Manager and Emc Networker Module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.7AI score0.63676EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•13 views

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

A denial of service vulnerability has been reported in the moddav component of Apache HTTP Server. The vulnerability is due to a NULL pointer dereference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker can send a crafted HTTP...

4.3CVSS1.3AI score0.29484EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•39 views

Piwigo Photo Gallery Project install script Directory Traversal - Ver2 (CVE-2013-1469)

A directory traversal vulnerability has been reported in Piwigo. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

4CVSS4.5AI score0.56011EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•24 views

Asterisk chan_iax2 IAX2 Control Frame LAGR Denial of Service - Ver2 (CVE-2007-3763)

A denial-of-service vulnerability has been reported in Asterisk AsteriskNOW, Asterisk Appliance Developer Kit and Asterisk S800i Appliance. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

5CVSS4.2AI score0.2656EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•20 views

InterNetNews Control Message Handling Buffer Overflow - Ver2 (CVE-2004-0045)

The InterNetNews package INN is a complete Usenet system. It includes innd, an NNTP server, and nnrpd, a newsreading server. A vulnerability exists in the NNTP server component of InterNetNews INN, which can be exploited to compromise a vulnerable system. The vulnerability is caused due to a...

7.5CVSS6.7AI score0.08622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•5 views

Internet Explorer WMF CreateBrushIndirect DoS - Ver2 (CVE-2006-4071)

A denial-of-service vulnerability has been reported in Microsoft Windows XP and Microsoft Windows Server 2003. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

2.6CVSS3.9AI score0.23995EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•14 views

Symantec Workspace Streaming XML-RPC Arbitrary File Upload - Ver2 (CVE-2014-1649)

An arbitrary file upload vulnerability has been reported in Symantec Workspace. The vulnerability is due to lack of access control validation in the functionality used to process XMLRPC requests. A remote unauthenticated attacker could exploit this vulnerability by a sending specially crafted...

7.9CVSS4.2AI score0.42312EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/12/28 12:0 a.m.•17 views

Microsoft Office Art Drawing Records Code Execution (MS10-087) - Ver2 (CVE-2010-3334)

Microsoft Office is an office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems. A remote attacker could exploit this issue via a malformed Office file. Successful exploitation of this vulnerability may allow execution of...

9.3CVSS6.6AI score0.25459EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•2 views

OpenSSL Multiple Invalid SRP Parameters Buffer Overflow (CVE-2014-3512)

A heap buffer overflow vulnerability exists in OpenSSL. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted TLS messages to the target. Successful exploitation could lead to arbitrary code execution in context of the OpenSSL server application...

7.5CVSS5.8AI score0.7408EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•3 views

Hikvision DVR Request Header and Request Body Buffer Overflow (CVE-2014-4878; CVE-2014-4879)

A buffer overflow vulnerability has been reported in Hikvision DVR. The vulnerability is due to a boundary error in Basic Authentication Request Header Handling and Request Body Handling of an RTSP transaction. Successful exploitation may cause a denial of service condition or allow the attacker ...

3.1AI score
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•4 views

Adobe Flash Player Information Disclosure (APSB14-27: CVE-2014-9162)

An Information Disclosure Vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker could exploit these vulnerability by enticing a target user to open a crafted file...

10CVSS1.5AI score0.04672EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•1 views

Adobe Flash Player Type Confusion Code Execution (APSB14-24: CVE-2014-0586)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation...

10CVSS3.2AI score0.05477EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•6 views

Adobe Flash Player Double Free (APSB14-24: CVE-2014-0574)

A double free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error caused by an attempt of the worker thread and the main thread to clear a shared ByteArray simultaneously. This vulnerability could lead to a crash of the player...

10CVSS1.4AI score0.0826EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•11 views

RealNetworks RealPlayer MPG Width Integer Underflow Memory Corruption - ver 2 (CVE-2011-4259)

An memory corruption vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to an integer underflow condition caused while handling MPEG-2 files with a specially crafted width parameter. A remote attacker may exploit this issue by enticing a target user to open a...

9.3CVSS7.3AI score0.03017EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/25 12:0 a.m.•16 views

Hikvision DVR Basic Authentication Buffer Overflow (CVE-2014-4880)

A buffer overflow vulnerability has been reported in Hikvision DVR. The vulnerability is due to a boundary error in Basic Authentication Handling of an RTSP transaction. Successful exploitation may cause a denial of service condition or allow the attacker to inject and execute arbitrary code on t...

7.5CVSS7.6AI score0.72084EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/23 12:0 a.m.•11 views

PHP-Fusion Multiple SQL Injections (CVE-2014-8596)

SQL injection vulnerability has been reported in PHP-Fusion. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.9AI score0.03255EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/12/22 12:0 a.m.•3 views

Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0585)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

10CVSS3.1AI score0.04545EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/22 12:0 a.m.•7 views

Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0584)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

10CVSS3.1AI score0.05477EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/22 12:0 a.m.•1 views

Multiple Web Servers king injector Backdoor Command Execution

A command execution vulnerability has been reported in multiple Web servers. The vulnerability is due to the existence of a backdoor file on the Web server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/21 12:0 a.m.•3 views

Multiple Web Servers Smart Shell Backdoor Command Execution

A command execution vulnerability has been reported in multiple web servers. The vulnerability is due to the existence of a backdoor file on the web server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/21 12:0 a.m.•7 views

ISC BIND Recursive Resolver Resource Consumption Denial of Service (CVE-2014-8500)

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a design weakness in the way BIND follows DNS delegations. A remote attacker can exploit these vulnerabilities by sending a request to a recursive resolver forcing the resolver to issue a large number possibly...

7.8CVSS4.1AI score0.65683EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/21 12:0 a.m.•27 views

Technicolor DT5130 Router Command Injection (CVE-2014-9144)

A command injection vulnerability has been reported in Technicolor DT5130 Router. Successful exploitation would allow an attacker to execute commands in the security context of the logged on user...

7.5CVSS3.6AI score0.08564EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/18 12:0 a.m.•11 views

Microsoft Graphics Component Information Disclosure (MS14-085) - ver 2 (CVE-2014-6355)

An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker can exploit this vulnerability by enticing a user to download...

5CVSS5.7AI score0.34203EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/18 12:0 a.m.•2 views

WebRooT Hack Tools

A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-26: CVE-2014-8439)

A write what where vulnerability exists in Adobe Flash Player. The vulnerability is due to a memory corruption when handling ByteArray objects. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in the execution of...

10CVSS2.8AI score0.20008EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•2 views

Adobe Flash Player Privilege Escalation (APSB14-24; CVE-2014-8442; CVE-2015-3101)

A privilege escalation vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

7.5CVSS4.9AI score0.05337EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•14 views

ManageEngine NetFlow Analyzer And IT360 DisplayChartPDF Directory Traversal (CVE-2014-5446)

A directory traversal vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the filename parameter sent to the DisplayChartPDF servlet in HTTP requests. A remote unauthenticated attacker can downloa...

5CVSS3AI score0.54715EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•5 views

Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow (CVE-2009-3459)

Portable Document Format PDF is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation of this issue will cause the application to become non-responsive, and m...

9.3CVSS6.9AI score0.86468EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•26 views

ManageEngine EventLog Analyzer Hostdetails Information Disclosure (CVE-2014-6039)

An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data in the HostDataServlet servlet...

5CVSS1.5AI score0.68779EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/12/17 12:0 a.m.•41 views

WordPress Slider Revolution Plugin Local File Inclusion (CVE-2014-9734; CVE-2015-1579)

An information disclosure vulnerability has been reported in WordPress Slider Revolution Plugin. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...

5CVSS2.4AI score0.22055EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/12/16 12:0 a.m.•16 views

FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)

A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...

10CVSS3.5AI score0.4299EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/12/15 12:0 a.m.•0 views

Fast Wordpress Index Changer

Fast Wordpress Index Changer is a computer program that allows users to change Wordpress index pages. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/15 12:0 a.m.•4 views

Adobe Flash Player Heap Buffer Overflow (APSB14-24: CVE-2014-0583)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

7.5CVSS4.3AI score0.06528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/15 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-0581)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03599EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/14 12:0 a.m.•18 views

PHP Web Shell Generic Backdoor (CVE-2020-24186)

An attacker might upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

7.5CVSS2.4AI score0.94535EPSS
Exploits19
Check Point Advisories
Check Point Advisories
•added 2014/12/14 12:0 a.m.•2 views

Adobe Flash Player Stack Buffer Overflow (CVE-2014-9163)

A stack-based buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient sanity check. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

10CVSS4.6AI score0.20356EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/11 12:0 a.m.•2 views

Joomla and Wordpress Mass Defacer Tool

Joomla and Wordpress Mass Defacer is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/11 12:0 a.m.•3 views

Web Servers CryptoPHP Backdoor

Some free themes for Joomla, WordPress and Drupal CMS include a backdoor to the service. By installing these themes the system administrator installs the CryptoPHP backdoor...

3.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/11 12:0 a.m.•23 views

Microsoft Internet Explorer Use After Free Remote Code Execution (CVE-2014-8967)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...

6.8CVSS7.1AI score0.12403EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•1 views

Horny Monkey Deface Maker Tool

Horny Monkey Deface Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

2.6AI score
Exploits0
Total number of security vulnerabilities13538