Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-0576)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03599EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-8440)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.81943EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•4 views

Multiple PHP Servers B374kshell Backdoor Command Execution

A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•1 views

RomPager Authentication Bypass Attempt - Misfortune Cookie

A vulnerability exists in RomPager web servers. The vulnerability is due to lack of sanitation of the Cookie header. A successful exploitation of this vulnerability allows an attacker to log into the web server under admin privileges...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/10 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-0588)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...

10CVSS3.5AI score0.0605EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•25 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6374)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.1253EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•13 views

Microsoft Internet Explorer VBScript Memory Corruption (MS14-080; CVE-2014-6363)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...

9.3CVSS6.9AI score0.28442EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•22 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6369)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.24646EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•9 views

Microsoft Word Use After Free Remote Code Execution (MS14-081; CVE-2014-6357)

A remote code execution vulnerability exists in Microsoft Word. The vulnerability is due to improper handling of objects in memory while parsing a specially crafted Office file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted Office file...

9.3CVSS8.6AI score0.19378EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•34 views

Microsoft Exchange Server Outlook Web Access Cross-Site Scripting (MS14-075; CVE-2014-6326)

An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange input validation. A remote attacker can exploit this issue by enticing a victim to open a specially crafted email with Microsoft Outlook Web Access OWA...

4.3CVSS6.2AI score0.08722EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•13 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6329)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.20344EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6366)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.23474EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•13 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-8966)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13118EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6375)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13118EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•14 views

Microsoft Office Component Use After Free Remote Code Execution (MS14-082; CVE-2014-6364)

A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is due to an error in the way Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS8.6AI score0.14662EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6330)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.23474EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6376)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13118EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6373)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13118EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•20 views

Microsoft Internet Explorer XSS Filter Bypass (MS14-080: CVE-2014-6328)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

5CVSS7AI score0.21347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6368)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.3CVSS7AI score0.12211EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•14 views

Microsoft Office Index Remote Code Execution (MS14-081; CVE-2014-6356)

A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is due to way Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

9.3CVSS6.9AI score0.11871EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•8 views

Microsoft Exchange Server Outlook Web Access URL Redirection (MS14-075; CVE-2014-6336)

A spoofing vulnerability exists in Microsoft Exchange Server. The vulnerability is due to an error in Microsoft Exchange when Microsoft Outlook Web Access OWA fails to properly validate redirection tokens. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

3.5CVSS6.1AI score0.07072EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•14 views

Microsoft Graphics Component Information Disclosure (MS14-085; CVE-2014-6355)

An information disclosure vulnerability has been reported in the Microsoft Graphics Component. The vulnerability is due to the way Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. A remote attacker can exploit this vulnerability by enticing a user to download...

5CVSS5.7AI score0.34203EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS14-080: CVE-2014-6327)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.13118EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•14 views

Microsoft Excel Invalid Pointer Remote Code Execution (MS14-083; CVE-2014-6361)

A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a target user to open a specially...

9.3CVSS8.6AI score0.13352EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/09 12:0 a.m.•9 views

Microsoft Excel Global Free Remote Code Execution (MS14-083; CVE-2014-6360)

A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a target user to open a specially...

9.3CVSS8.6AI score0.13352EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/08 12:0 a.m.•2 views

Multiple Web Servers ASPXshell Backdoor Command Execution

ASPXshell is a computer program able of executing shell commands, uploading, downloading and deleting files. Placing such a program on a web server could be used to open a backdoor for remote attackers to execute arbitrary commands on the vulnerable server. A remote attacker might place such a to...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/08 12:0 a.m.•5 views

Linux Kernel SCTP Handshake Denial of Service (CVE-2014-0101)

An integer underflow has been found in the SCTP networking module of the Linux kernel. The vulnerability is due to a boundary check error. A remote attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A successful attack will prevent further SCTP...

7.8CVSS1.9AI score0.07045EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/07 12:0 a.m.•1 views

xcv Deface Maker Tool

XCV Deface Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/07 12:0 a.m.•3 views

Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0577)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

10CVSS3.1AI score0.05477EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/04 12:0 a.m.•46 views

HP Network Node Manager I ovopi.dll Command 685 Memory Corruption (CVE-2014-2624)

A memory corruption vulnerability in HP Network Node Manager I NNMi ha been reported. The vulnerability is caused by using remotely supplied data as a pointer without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote unauthenticat...

10CVSS7.5AI score0.65435EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•7 views

Twiki Unauthenticated Remote Code Execution (CVE-2014-7236)

A remote code execution was discovered in TWiki. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...

6.4CVSS3AI score0.55637EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•78 views

RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)

An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...

10CVSS4.1AI score0.63748EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•6 views

Twiki/Fosswiki Unauthenticated Arbitrary File Upload (CVE-2014-7237)

An arbitrary file upload vulnerability has been reported in Twiki/Fosswiki. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS7.3AI score0.20059EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•3 views

Malformed PDF Version Header

PDF files may include a malformed version header. A remote attacker may use such a header inside PDF files to evade IPS inspection, in order to avoid detection of attacks against various PDF vulnerabilities...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/03 12:0 a.m.•30 views

MovableType Unsanitized Input SQL Injection (CVE-2014-9057)

An SQL injection vulnerability was discovered in Movable Type. This vulnerability allows unauthenticated attackers to execute SQL code on the server...

7.5CVSS5.6AI score0.01989EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•1 views

Malicious iFrame Conditional Cookie Injection

Several web exploitation tools inject payloads that are displayed only when specific conditions are met. This may allow an attacker to reduce the odds of detection and to evade inspection...

3.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•5 views

RSYSLOG PRI Value Parsing Integer Overflow Denial of Service (CVE-2014-3683)

A denial of service vulnerability has been reported in rsyslog and sysklogd. The vulnerability is due to an integer overflow when handling PRI values larger than MAXINT in log messages. A remote, unauthenticated attacker can exploit these vulnerabilities by sending crafted packets to an affected...

5CVSS5.3AI score0.04585EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•14 views

RomPager Authorization Buffer Overflow Denial of Service (CVE-2014-9223)

A buffer overflow vulnerability exist in RomPager Web Server. A remote attacker could exploit this vulnerability by sending a crafted request to the vulnerable server causing a denial of service...

10CVSS4.7AI score0.06026EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•6 views

PHP exif Extension exif_ifd_make_value Thumbnail Heap Buffer Overflow (CVE-2014-3670)

A code execution vulnerability exists in PHP exif extension. The vulnerability is due to a buffer overflow when handles exif thumbnail. A remote attacker can exploit the vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP...

6.8CVSS4.6AI score0.22633EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•11 views

xMid Deface Page Creator Tool

xMid Deface Page Creator is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/02 12:0 a.m.•3 views

QEMU vnc set_pixel_format bits_per_pixel Null Pointer Dereference (CVE-2014-7815)

A null pointer dereference vulnerability has been found in QEMU vnc. The vulnerability is due to insufficient checking of an initialized buffer. A remote attacker could exploit this vulnerability by setting bitsperpixel to a value that is less than 8. Successful exploitation could lead to a denia...

5CVSS3.3AI score0.03742EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/01 12:0 a.m.•5 views

Advanced Deface Page Maker Tool

Advanced Deface Page Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/12/01 12:0 a.m.•34 views

WinFTP Server NLST Command Denial of Service (CVE-2008-5666)

A denial of service vulnerability has been reported in WinFTP Server. The vulnerability is due to WinFTP Server failure to handle a NLST command when in PASV mode. A remote attacker can exploit this vulnerability by sending a specially crafted connection request to the vulnerable server...

3.5CVSS1.9AI score0.20591EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/12/01 12:0 a.m.•8 views

Microsoft Internet Explorer Use After Free (CVE-2014-2782)

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a...

9.3CVSS7.2AI score0.22397EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/11/30 12:0 a.m.•7 views

DBGuestBook dbs_base_path Parameter Multiple Vulnerabilities (CVE-2007-1165)

Multiple remote code execution vulnerabilities exists in DBGuestBook. These vulnerabilities are caused due to improper handling of crafted URL using the dbsbasepath parameter. A remote attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable Web server...

7.5CVSS3.3AI score0.03113EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/30 12:0 a.m.•1 views

Magento eCommerce FlashVar Parameter Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Magento 1.9.0.1 FlashVar Parameter. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/30 12:0 a.m.•20 views

Web Server Content-Disposition Cross-Site Scripting (CVE-2016-7168)

A cross-site scripting vulnerability exists in Content-Disposition HTTP header. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

3.5CVSS2.8AI score0.02842EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/27 12:0 a.m.•9 views

Golden FTP PASS Buffer Overflow (CVE-2006-6576)

Golden FTP Server is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.Exploiting this vulnerability may allow remote attackers to execute arbitrary code in the context of the affected...

7.5CVSS9.3AI score0.6681EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/11/27 12:0 a.m.•24 views

Advantech WebAccess SCADA webeye.ocx ip_address Parameter Buffer Overflow (CVE-2014-8388)

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ipaddress parameter contained in the webeye.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...

7.2CVSS3.6AI score0.01051EPSS
Exploits1
Total number of security vulnerabilities13538