Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/11/27 12:0 a.m.•78 views

Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)

A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services IIS FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by...

10CVSS7.5AI score0.94534EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/11/26 12:0 a.m.•12 views

Microsoft Windows SChannel Buffer Overflow (MS14-066; CVE-2014-6321)

A remote code execution vulnerability exists in Microsoft SChannel. The vulnerability is due to improper processing of specially crafted packets that leads to a buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target...

10CVSS7.3AI score0.95988EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/25 12:0 a.m.•3 views

MySQL Load File SQL Injection

An SQL injection vulnerability exists in MySQL database server. SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code...

6.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/25 12:0 a.m.•19 views

PHP Core unserialize Function Integer Overflow (CVE-2014-3669)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to an integer overflow within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialize data to a web application running a vulnerable version of PHP. A successful...

7.5CVSS5.2AI score0.28862EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/25 12:0 a.m.•13 views

Microsoft Windows SChannel Denial Of Service (MS14-066; CVE-2014-6321)

A denial of service vulnerability exists in Microsoft SChannel. The vulnerability is due to improper processing of specially crafted packets that leads to a denial of service. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target...

10CVSS6.4AI score0.95988EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/25 12:0 a.m.•15 views

Digi Online Examination Unrestricted File Upload (CVE-2014-8997)

An unauthorized file upload vulnerability has been reported in Digi Online Examination. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a remote attacker to execute...

7.5CVSS4.4AI score0.09133EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/24 12:0 a.m.•0 views

MySQL Into OutFile SQL Injection

An SQL injection vulnerability exists in MySQL database server.SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code ...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/24 12:0 a.m.•19 views

AWStats configdir Parameter Remote Command Execution (CVE-2005-0116; CVE-2005-0362)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

7.5CVSS4.1AI score0.74941EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/11/23 12:0 a.m.•2 views

MySQL Database Null Pointer Denial of Service (CVE-2011-5049)

A denial of service vulnerability exists in MySQL database server. The vulnerability is due to a NULL pointer dereference error in the server. Remote users can exploit this vulnerability to cause a denial of service condition...

4.3CVSS4AI score0.04526EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/23 12:0 a.m.•2 views

Microsoft Internet Explorer CTitleElement Use After Free

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/23 12:0 a.m.•5 views

CA Brighstor ARCserve Backup Agent Buffer Overflow (CVE-2005-1272)

A stack based buffer overflow vulnerability exists in BrightStor ARCserve and Enterprise Backup Agent for windows. The vulnerability is caused due to a boundary error in the Backup Agents. A remote attacker can exploit this vulnerability to cause a denial of service condition or execute arbitrary...

7.5CVSS7.6AI score0.66121EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/11/20 12:0 a.m.•22 views

Multiple Ichitaro Products Unspecified Remote Code Execution (CVE-2014-7247)

An Unspecified Remote Code Execution detected in Ichitaro Multiple Products. An attacker can exploit this vulnerability to execute arbitrary code with admin privileges. Successful exploitation of this issue will allow execution of arbitrary code on an affected system...

10CVSS7.8AI score0.05335EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/20 12:0 a.m.•27 views

ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)

An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data and an input validation error in the agentHandler servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose...

5CVSS3AI score0.72757EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/11/20 12:0 a.m.•24 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)

A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...

4.3CVSS3.5AI score0.03923EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/11/19 12:0 a.m.•21 views

Microsoft Windows Kerberos KDC Elevation of Privilege (MS14-068; CVE-2014-6324)

A remote elevation of privilege vulnerability has been reported in Microsoft Windows Kerberos KDC. The vulnerability is due to improper validation of signatures in the Kerberos ticket. A remote attacker could use these elevated privileges to compromise any computer in the domain, including domain...

9CVSS5.8AI score0.87448EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/11/18 12:0 a.m.•44 views

Moodle Spellcheck Remote Command Execution (CVE-2013-3630)

A remote command execution vulnerability has been reported in Moodle Spellcheck. The vulnerability is due to insufficient validation of the Spellcheck mechanism. A remote attacker can exploit this vulnerability to execute a crafted file which will allow running arbitrary commands in the context o...

4.6CVSS3.9AI score0.42566EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•4 views

LibreOffice Impress Remote Control Use After Free (CVE-2014-3693)

A use after free vulnerability exists in LibreOffice Impress. The vulnerability is due to an error in the code managing remote control port. A remote unauthenticated attacker can exploit this vulnerability by sending crafted data to the affected port. Successful exploitation will result in...

7.5CVSS4.3AI score0.04955EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•1 views

Web Servers File Download Manipulation

An attacker can manipulate a web server to download and execute code stored on a third party server...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•9 views

SlimFTPd LIST Command Buffer Overflow (CVE-2005-2373)

A buffer overflow vulnerability exists in SlimFTPd server. The vulnerability is due to insufficient bounds verification on certain FTP service commands. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted FTP LIST service command to the target server...

7.2CVSS4.1AI score0.45745EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•34 views

Visual Mining NetCharts Server Admin Console Arbitrary File Upload (CVE-2014-8516)

An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability exists in the Admin console and is due to insufficient validation of filename during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the...

10CVSS3.3AI score0.8168EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•2 views

Visual Mining NetCharts Server File Upload Directory Traversal

A directory traversal vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to insufficient validation of file paths during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system by uploading...

5.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/17 12:0 a.m.•20 views

Adobe ColdFusion FCKeditor Input Validation Flaw Arbitrary File Upload (CVE-2008-6178; CVE-2009-2265)

A vulnerability has been reported in Adobe Systems ColdFusion that could allow remote users to upload files in arbitrary directories potentially leading to a system compromise. The vulnerability is due to an input validation error in the FCKeditor which is embedded in ColdFusion 8. Remote attacke...

7.5CVSS4.8AI score0.83865EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•0 views

Joomla Component com_jeemasms Multiple

A Multiple injection vulnerability has been reported in Joomla Com Jeemasms. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

5.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•6 views

Web Clients Suspicious Image File Download

A remote attacker can hide a malicious code within an image file, in an attempt to avoid detection. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...

4.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•12 views

Joomla Component jeeventcalendar SQL Injection (CVE-2010-2513)

An SQL injection vulnerability has been reported in Joomla Jeeventcalendar. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.4AI score0.00975EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•8 views

Joomla Component com_techfolio SQL Injection (CVE-2011-5113)

An SQL injection vulnerability has been reported in Joomla Com Techfolio. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.1AI score0.01024EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•26 views

Microsoft ASP.NET MVC Cross-Site Scripting (MS14-059; CVE-2014-4075)

A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due to the way ASP.NET MVC encodes user input. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to follow a malicious link...

4.3CVSS5.8AI score0.2016EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•11 views

Joomla Component com_oziogallery SQL Injection (CVE-2010-2910)

An SQL injection vulnerability has been reported in Joomla Com Oziogallery. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.4AI score0.00967EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•5 views

Joomla Component com_Jobline SQL Injection (CVE-2009-2554)

An SQL injection vulnerability has been reported in Joomla Com Jobline. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

6.8CVSS5.3AI score0.00913EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•60 views

NetBSD tnftp fetch.c fetch_url Command Execution (CVE-2014-8517)

A command execution vulnerability has been reported in NetBSD tnftp. The vulnerability is due to insufficient validation of the ftp output file name when using an HTTP URI to fetch files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a malicious UR...

7.5CVSS5AI score0.69115EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•21 views

Joomla Component com_listing SQL Injection (CVE-2011-4830)

An SQL injection vulnerability has been reported in Joomla Com Listing. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

3.5CVSS8.1AI score0.01359EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•9 views

Joomla Component com_huruhelpdesk SQL Injection (CVE-2010-2907)

An SQL injection vulnerability has been reported in Joomla Com Huruhelpdesk. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.6AI score0.0199EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•9 views

Joomla Component com_jequoteform Local File Inclusion (CVE-2010-2128)

A file inclusion vulnerability has been reported in Joomla Com Jequoteform. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS4.5AI score0.15821EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•32 views

Web Servers Suspicious File Upload (CVE-2019-16113; CVE-2021-26918; CVE-2022-26645)

A remote attacker can upload a malicious file to a web server. Successful exploitation could result in the execution of arbitrary code in the security context of the web server...

7.5CVSS5.7AI score0.77962EPSS
Exploits19
Check Point Advisories
Check Point Advisories
•added 2014/11/16 12:0 a.m.•2 views

Joomla Component Scriptegrator File Inclusion

A file inclusion vulnerability has been reported in Joomla Scriptegrator.Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

3.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/13 12:0 a.m.•0 views

Joomla Component com_people Local File Inclusion

A file inclusion vulnerability has been reported in Joomla Com Bfsurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/13 12:0 a.m.•2 views

Joomla Component com_yellowpages SQL Injection

An SQL injection vulnerability has been reported in Joomla Com Yellowpages. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

8.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/13 12:0 a.m.•3 views

Adobe Flash Player Memory Leakage (APSB14-21: CVE-2014-0557)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.6AI score0.05032EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/12 12:0 a.m.•0 views

SunRPC Data Connection Evasion Technique

SunRPC protocol is vulnerable to evasion techniques over its data connection. An attacker may try to evade inspection via an unauthorized data connection. Successful evasion may result in a remote code execution...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/12 12:0 a.m.•2 views

Mayhem Shellshock Infection Attempt

Mayhem uses a PHP script to drop malicious objects to the affected client...

1.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/12 12:0 a.m.•13 views

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by modproxyajp when used with modproxybalancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP...

4.3CVSS1.6AI score0.2238EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/11/12 12:0 a.m.•12 views

PHP Fileinfo cdf_read_property_info Denial of Service - ver 2 (CVE-2014-3587)

A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...

4.3CVSS5.1AI score0.20237EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/12 12:0 a.m.•27 views

Belkin N750 Router Unauthenticated Remote Command Execution (CVE-2014-1635)

A buffer overflow vulnerability has been reported in Belkin N750 router. The vulnerability is due to improper input validation in the router's Web interface. A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the victim. Successful exploitation of this...

10CVSS2AI score0.67487EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6344)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15525EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•5 views

Microsoft Windows Audio Service Elevation of Privilege (MS14-071; CVE-2014-6322)

An elevation of privilege vulnerability has been reported in Windows audio service that could be exploited through Internet Explorer. The vulnerability is due to the way Internet Explorer improperly validates permissions under specific conditions. A remote attacker may exploit this issue by...

4.3CVSS6.3AI score0.12974EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-4143)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.20885EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS14-065: CVE-2014-6351)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.22485EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•7 views

Microsoft SharePoint Active Scripting Elevation of Privilege (MS14-073; CVE-2014-4116)

An elevation of privilege vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to an error in the way Microsoft SharePoint Server sanitizes page content in SharePoint lists. A remote attacker may exploit this issue by enticing a target user to open a specially crafted...

4.3CVSS6.3AI score0.08801EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•9 views

Microsoft Internet Explorer Elevation of Privilege (MS14-065: CVE-2014-6350)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

4.3CVSS6.3AI score0.20558EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/11 12:0 a.m.•4 views

Microsoft Windows OLE Automation Array Remote Code Execution (MS14-064; CVE-2014-6332)

A remote code execution vulnerability has been reported in Microsoft Windows Object Linking and Embedding OLE. The vulnerability is due to an improper access to memory objects by Internet Explorer. A remote attacker can exploit this issue by enticing target users to view a specially crafted...

9.3CVSS6.1AI score0.94996EPSS
Exploits39
Total number of security vulnerabilities13538