Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/11/10 12:0 a.m.•10 views

Joomla Component com_ezine Remote File Inclusion (CVE-2009-4094)

A file inclusion vulnerability has been reported in Designforjoomla Com Ezine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5AI score0.02279EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/10 12:0 a.m.•16 views

Joomla Component com_bfsurvey Local File Inclusion (CVE-2010-2259)

A file inclusion vulnerability has been reported in Joomla Com Bfsurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS4.8AI score0.18524EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/10 12:0 a.m.•12 views

Joomla Component com_5starhotels SQL Injection (CVE-2008-5864)

An SQL injection vulnerability has been reported in Joomla Com 5starhotels. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.3AI score0.02007EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/11/09 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB14-21: CVE-2014-0553; CVE-2017-2992)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...

9.3CVSS3.4AI score0.32676EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/11/09 12:0 a.m.•9 views

F5 Multiple Products iControl API hostname Remote Command Execution (CVE-2014-2928)

A remote command execution vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of the hostname element in incoming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to...

7.1CVSS3.3AI score0.3905EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/11/09 12:0 a.m.•38 views

HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)

Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...

7.5CVSS6.9AI score0.06936EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/09 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0549)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05756EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/09 12:0 a.m.•19 views

Foxit Reader PDF Files Processing Buffer Overflow (CVE-2009-0837)

There exists a Stack-based buffer overflow in Foxit Reader, which allows remote attackers to execute arbitrary code via a long relative path or absolute path in the filename argument in an action...

10CVSS7.7AI score0.75781EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/11/06 12:0 a.m.•0 views

Operation Huyao Phishing Attempt

Operation Huyao is a phishing campaign using a proxy to create a copy of the attacked website, and lure the victim user to hand his details to the attacker...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/06 12:0 a.m.•2 views

LibVNCServer scale.c rfbSendNewScaleSize Use After Free

A use-after-free vulnerability has been found in LibVNCServer. The vulnerability is due to an issue with processing wrt scaling messages. A remote attacker can exploit this vulnerability by sending a wrt scaling message and terminating the connection before receiving server's response. Successful...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/05 12:0 a.m.•26 views

activeCollab Chat Module Arbitrary PHP Code Execution (CVE-2012-6554)

A code execution vulnerability exists in Chat module for activeCollab.The vulnerability is due to a flaw that is triggered by the pregreplace function.A remote attacker may exploit this vulnerability by evaluating a string with complex curly syntax, allowing for the execution of arbitrary code...

6.5CVSS4.5AI score0.16701EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/11/04 12:0 a.m.•12 views

HP System Management Homepage red2301.html RedirectUrl Cross Site Scripting (CVE-2014-2640)

A cross-site scripting vulnerability exists in HP's System Management Homepage SMH. The vulnerability is due to an input validation error when handling 'RedirectUrl' parameter of red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious...

4.3CVSS1AI score0.03884EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/03 12:0 a.m.•2 views

OpenSSL Invalid Session Ticket Denial of Service (CVE-2014-3567)

A denial-of-service vulnerability exists in OpenSSL. It is due to a memory leak when OpenSSL processes invalidsession tickets to verify their integrity. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of servi...

7.1CVSS3.4AI score0.23598EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/03 12:0 a.m.•1 views

Nuclear Exploit Kit Redirection

Nuclear Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/03 12:0 a.m.•2 views

Archie Exploit Kit Landing Page Code Execution

Archie exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Archie exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...

5.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/03 12:0 a.m.•1 views

Nuclear Exploit Kit Landing Page

Nuclear Exploit Kit operates by delivering a malicious payload to the victim's computer. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded...

2.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/11/02 12:0 a.m.•42 views

Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)

A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...

9.3CVSS7.7AI score0.78546EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2014/10/30 12:0 a.m.•14 views

HP Sprinter Tidestone Formula One DefaultFontName Buffer Overflow (CVE-2014-2638)

A code execution vulnerability exists in HP Sprinter. The vulnerability is due to a buffer overflow while handling the DefaultFontName property within the Tidestone Formula One ActiveX control. A remote attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...

7.5CVSS7.5AI score0.06936EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/30 12:0 a.m.•18 views

Microsoft Internet Explorer Resource Information Disclosure (MS14-052; CVE-2013-7331)

An information disclosure vulnerability exists in Internet Explorer. This vulnerability is caused when the XMLDOM ActiveX control allows local resources to be enumerated. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...

4.3CVSS3.5AI score0.58023EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/10/30 12:0 a.m.•2 views

Spike DDoS Toolkit GET Flood Denial of Service

Spike DDos Toolkit has multiple DDoS payloads, including SYN flood, UDP flood, Domain Name System DNS query flood, and GET floods...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/29 12:0 a.m.•21 views

Digium Asterisk HTTP Connections Denial of Service (CVE-2014-4047)

A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to the way HTTP sessions are being handled. A remote, unauthenticated attacker can exploit this vulnerability by establishing an excessive number of TCP connections to the configured HTTP or HTTPS port...

5CVSS1.7AI score0.0491EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/27 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0551)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05756EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/26 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0547)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05756EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/26 12:0 a.m.•8 views

PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)

A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP...

4.3CVSS5.2AI score0.20237EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/10/26 12:0 a.m.•13 views

LifeSize Room Security Bypass and Command Injection Vulnerabilities (CVE-2011-2763)

Multiple vulnerabilities exist in the LifeSize Room appliance. The vulnerabilities are due Unauthenticated OS command injection through the web interface.A remote attacker can exploit those vulnerabilities by sending crafted requests to the affected service...

7.5CVSS4.3AI score0.36116EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/10/23 12:0 a.m.•16 views

Free MP3 CD Ripper WAV File Stack Buffer Overflow (CVE-2011-5165)

A vulnerability exists in Free MP3 CD Ripper 1.1. The vulnerability is due to stack-based buffer overflow when converting a file. Successful exploitation can result in arbitrary code execution via a crafted wav file...

9.3CVSS4.5AI score0.37001EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/10/23 12:0 a.m.•15 views

Hastymail2 call_user_func_array() Command Injection (CVE-2011-4542)

A command injection vulnerability exists in Hastymail 2.1.1. The vulnerability is due to improper sanitization of special elements used in a request to the server. Remote attacker can exploit this vulnerability by sending malicious HTTP requests to the target server...

7.5CVSS2.1AI score0.26063EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/10/23 12:0 a.m.•1 views

JavaScript Percent-Encoding Obfuscation

Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques.An example of such a technique is percent-encoding, also known as URL encoding...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/23 12:0 a.m.•3 views

PowerDNS Recursor Denial of Service (CVE-2014-3614)

A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...

5CVSS6.2AI score0.06023EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/22 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-22: CVE-2014-0558)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05073EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/22 12:0 a.m.•39 views

Oracle Database Server Insecure User Input Stack Buffer Overflow (CVE-2013-3751)

A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of user supplied input when parsing XML document data in a SQL/XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious...

9CVSS4.3AI score0.03672EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/22 12:0 a.m.•16 views

Apache Camel XSLT Component Java Code Execution (CVE-2014-0003)

A code execution vulnerability has been reported in Apache Camel. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted XML message to the vulnerable server. Successful exploitation could result in the execution of arbitrary Java code...

7.5CVSS5.1AI score0.07352EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/10/21 12:0 a.m.•6 views

Adobe Flash Player ActionScript 3 Integer Overflow (APSB14-22; CVE-2014-0569)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an integer overflow condition in Adobe Flash Player. A remote attacker can exploit this vulnerability by enticing a target user to open a web page containing a specially crafted SWF file...

9.3CVSS3.7AI score0.90208EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/10/21 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-22: CVE-2014-0564)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.06192EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/20 12:0 a.m.•14 views

ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/multipartRequest" in HTTP requests. A remote unauthenticated attacker can delete...

6.4CVSS3.1AI score0.39121EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•7 views

Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)

An RSA signature forgery vulnerability exists in Mozilla Network Security Services NSS, the cryptographic library used in many applications including Firefox and Google Chrome. The vulnerability is a result of improper verification of RSA signatures due to incorrect ASN.1 parsing of the DigestInf...

7.5CVSS2AI score0.1617EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•31 views

Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)

A remote code execution vulnerability has been reported in Microsoft Object Linking and Embedding OLE technology. This vulnerability is caused when a user downloads, or receives, and then opens a Microsoft Office file which contains specially crafted OLE objects...

9.3CVSS3.5AI score0.81628EPSS
Exploits30
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•16 views

AlienVault OSSIM Framework Backup Command Execution (CVE-2014-5158)

A command execution vulnerability exists in AlienVault OSSIM Framework. The vulnerability is due to insufficient sanitization of user supplied data that is used to execute backup commands. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

10CVSS6.9AI score0.0368EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/19 12:0 a.m.•10 views

Schneider Electric SCADA Expert ClearSCADA Denial of Service (CVE-2014-5411)

A denial of service vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This can result in a...

3.5CVSS4.1AI score0.01287EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/15 12:0 a.m.•32 views

Microsoft Windows TrueType Font Parsing Remote Code Execution (MS14-058; CVE-2014-4148; CVE-2015-1671)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused due to incorrect handling of specially crafted TTF files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted web-page...

9.3CVSS5.3AI score0.54628EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/15 12:0 a.m.•10 views

Secure Socket Layer (SSL) Version 3.0 (CVE-2014-3566)

Secure Socket Layer SSL is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks. This protection may be used to prevent attacks exploiting the Poodle vulnerability...

4.3CVSS3.7AI score0.99999EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4140)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.3CVSS4.1AI score0.20683EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4138)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.32242EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•3 views

Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4132)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.16584EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•1 views

SolarWinds Storage Manager AuthenticationFilter Authentication Bypass

An authentication bypass vulnerability exists in SolarWinds Storage Manager. The vulnerability is due to a flaw within the AuthenticationFilter class. A remote unauthenticated attacker could exploit this vulnerability by bypassing the authentication filter and uploading malicious scripts to the...

2.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•4 views

Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4128)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.17209EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•19 views

Microsoft .NET Framework Remote Code Execution (MS14-057; CVE-2014-4121)

A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way .NET framework parses internationalized resource identifiers. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that...

10CVSS5.7AI score0.19227EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4126)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.21425EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS14-056: CVE-2014-4133)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.16733EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/10/14 12:0 a.m.•1 views

Windows System Files Information Disclosure

Windows operating systems contain system files with sensitive information. If not properly configured, remote attackers can view the information on such files...

3.7AI score
Exploits0
Total number of security vulnerabilities13538