Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•2 views

Squid Range Header Denial of Service (CVE-2014-3609)

A denial of service vulnerability has been reported in Squid. The vulnerability is due to insufficient validation of range headers. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected server. A successful attack will lead to a...

5CVSS4.5AI score0.5622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•21 views

AlienVault OSSIM av-centerd Util.pm remote_task Arbitrary Command Execution (CVE-2014-5210)

The vulnerability is due to a failure to safely sanitize remotetask SOAP requests within Util.pm. this vulnerability can be exploit by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges...

10CVSS4.6AI score0.14917EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•36 views

Attachmate Reflection FTP Client ActiveX GetSiteProperties3 Memory Corruption (CVE-2014-0606)

A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. Successful exploitation could lead to remote code execution under the security context of the affected user...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•7 views

Multiple Vendors LDAP Server Remote Denial of Service Vulnerabilities (CVE-2011-0917)

An integer overflow vulnerabilities exists in IBM Lotus Domino's LDAP service and IBM Tivoli Directory Server. The vulnerabilities is due to incorrect handling of the name parameter by the library nnotes.dll when it processes ASN.1-encoded LDAP BindRequests. An attacker may leverage this issue by...

10CVSS2.7AI score0.14302EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•47 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

5.8CVSS5.2AI score0.18278EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•8 views

Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service (CVE-2014-5266)

A denial of service vulnerability has been reported in Drupal Core. The vulnerability can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...

5CVSS2.9AI score0.24385EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/09/22 12:0 a.m.•15 views

SENKAS Kolibri Webserver GET Request Buffer Overflow (CVE-2014-4158)

A stack buffer overflow vulnerability has been reported in SENKAS Kolibri Webserver 2.0. The vulnerability is due to a boundary error when handling GET request. A remote unauthenticated attacker can exploit the service by sending a crafted GET request to the target service...

7.5CVSS3.4AI score0.14301EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•0 views

Microsoft Internet Explorer onreadystatechange Use After Free

A use after free vulnerability exists in Microsoft Internet Explorer. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•6 views

Adobe Acrobat and Reader Memory Corruption (APSB14-20: CVE-2014-0565)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5.1AI score0.05363EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0552)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05756EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•8 views

Adobe Reader and Acrobat JavaScript Heap Overflow (APSB14-20; CVE-2014-0567)

A heap overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error while loading a PDF containing a malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of...

10CVSS2.9AI score0.09655EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•5 views

Samba nmbd unstrcpy Buffer Overflow (CVE-2014-3560)

A buffer overflow vulnerability has been reported in Samba server. The vulnerability is due to using incorrect buffer size in a string copy operation in the nmbd daemon. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious packets to a vulnerable nmbd service...

7.9CVSS3.8AI score0.56378EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•10 views

Adobe Acrobat and Reader Sandbox Bypass (APSB14-20; CVE-2014-0568)

A sandbox Security Bypass vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in the sandbox protection mechanism. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

10CVSS3.2AI score0.04122EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•8 views

Oracle Java AtomicReferenceFieldUpdater Type Confusion (CVE-2014-4262)

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a type confusion flaw in AtomicReferenceFieldUpdater class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing maliciously crafted Java applet...

9.3CVSS3.2AI score0.05577EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•25 views

PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)

A memory corruption vulnerability exists in PHP. The vulnerability is due to type confusion in the unserialize function for SPL ArrayObject and SPLObjectStorage. An attacker can exploit this vulnerability if the application uses the vulnerable function...

7.5CVSS3.1AI score0.30128EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•8 views

Adobe Flash Player and AIR Heap Overflow (APSB14-21; CVE-2014-0559)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an improper buffer allocation while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4AI score0.12991EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•8 views

Oracle Business Intelligence Mobile App Designer Information Disclosure (CVE-2014-4249)

An information disclosure vulnerability exists in Oracle Business Intelligence Mobile App Designer. The vulnerability is due to insufficient input validation of certain parameters. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable...

5CVSS5.9AI score0.02421EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•30 views

HP Universal CMDB Default Credentials Arbitrary File Upload (CVE-2014-2617)

A code execution vulnerability exists in HP Universal CMDB. The vulnerability is due to the use of hard-coded credentials when processing HTTP requests. A remote attacker can upload arbitrary files to arbitrary locations using the default credentials...

10CVSS7.2AI score0.12235EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•19 views

HP Network Virtualization storedNtxFile Directory Traversal (CVE-2014-2625)

A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "storedNtxFile" method. A remote, unauthenticated attacker can leverage this vulnerability to gain access to sensitive informati...

8.5CVSS2.8AI score0.09938EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/21 12:0 a.m.•27 views

HP Network Virtualization toServerObject Directory Traversal (CVE-2014-2626)

A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "toServerObject" method. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to...

9.4CVSS2.8AI score0.19407EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/17 12:0 a.m.•20 views

Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)

A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the moddeflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...

4.3CVSS1.7AI score0.37156EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/17 12:0 a.m.•10 views

Symantec Web Gateway dbutils.php SQL Injection (CVE-2014-1651)

An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable...

5.8CVSS1.2AI score0.01976EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/16 12:0 a.m.•2 views

CommuniGate Systems CommuniGate Pro LDAP Server Buffer Overflow

There exists a buffer overflow vulnerability in CommuniGate Systems CommuniGate Pro LDAP server. The flaw is caused by improper validation of the user supplied LDAP message. An attacker may exploit this vulnerability to cause a denial of service condition of the affected server...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/16 12:0 a.m.•24 views

Attachmate Reflection FTP Client ActiveX GetGlobalSettings Memory Corruption (CVE-2014-0603)

A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. Successful exploitation could lead to arbitrary code execution under the security context of the browser...

10CVSS3.1AI score0.05668EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/16 12:0 a.m.•5 views

PhpMyAdmin REQUEST Superglobal Remote Variable Manipulation

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/16 12:0 a.m.•2 views

PhpMyAdmin SERVER Superglobal Remote Variable Manipulation

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/16 12:0 a.m.•16 views

Oracle Java System.arraycopy Race Condition (CVE-2014-0456)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to a race condition in System.arraycopy. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...

10CVSS3.8AI score0.06638EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/15 12:0 a.m.•3 views

Oracle Java Generic Signature Attribute Memory Corruption (CVE-2014-4216)

A memory corruption vulnerability exists in Oracle Java. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution...

9.3CVSS4.3AI score0.0536EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/15 12:0 a.m.•34 views

Apache HTTP Server error handling malformed HTTP headers Denial of Service (CVE-2014-0117)

A denial of service vulnerability has been reported in Apache HTTP server. The vulnerability is due to an error handling malformed HTTP headers. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server...

4.3CVSS2.6AI score0.35543EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/09/14 12:0 a.m.•0 views

PhpMyAdmin GLOBALS Superglobal Remote Variable Manipulation

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

4.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/14 12:0 a.m.•2 views

MIT Kerberos SPNEGO Acceptor acc_ctx_cont Denial of Service (CVE-2014-4344)

A denial-of-service vulnerability exists in the MIT Kerberos 5. The vulnerability is due to a NULL pointer dereference in accctxcont in SPNEGO Acceptor for continuation tokens. A remote, unauthenticated attacker can exploit this vulnerability by sending an empty token as the second or later conte...

7.8CVSS3.5AI score0.06614EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/14 12:0 a.m.•15 views

PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)

A remote variable manipulation vulnerability has been reported in PhpMyAdmin. The vulnerability is due to insufficient validation of request parameters. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in...

5CVSS4.3AI score0.0219EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/09/11 12:0 a.m.•4 views

Mozilla Firefox SharedWorker MessagePort Use After Free (CVE-2014-1548)

A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to a memory corruption issue when handling SharedWorker objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to visit a malicious page...

10CVSS1.6AI score0.05811EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/11 12:0 a.m.•5 views

Google Chrome locationAttributeSetter Use After Free (CVE-2014-1713)

A use after free vulnerability exists in Google Chrome. A remote attacker could exploit this vulnerability by enticing a user to open a crafted web page. Successful exploitation could result in code execution in the context of the currently logged in user...

7.5CVSS3AI score0.02272EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4082)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.16393EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS14-052; CVE-2014-4081)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.1AI score0.25549EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•7 views

Adobe Flash Player Same Origin Policy Bypass (APSB14-14; CVE-2014-0516)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

7.5CVSS4.1AI score0.03912EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4088)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.15993EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4086)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.16393EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4089)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.22736EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•3 views

Adobe Flash Player Memory Leakage (APSB14-18; CVE-2014-0543)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

4.5AI score0.03978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4095)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15993EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4092)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.15993EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•16 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4094)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.22736EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4080)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.25549EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-052; CVE-2014-4087)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

7AI score0.15993EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•16 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-2799)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15145EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•14 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4065)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.15145EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/09 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS14-052: CVE-2014-4084)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.2347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/07 12:0 a.m.•4 views

Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0545)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.5AI score0.03978EPSS
Exploits0
Total number of security vulnerabilities13538