Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/09/02 12:0 a.m.•18 views

CoolPDF Reader Image Stream Processing Buffer Overflow - ver 2 (CVE-2012-4914)

A code execution vulnerability has been reported in CoolPDF Reader. The vulnerability is due to insufficient validation of streams while processing PDF files. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a specially crafted PDF file,...

9.3CVSS4.3AI score0.28391EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/09/01 12:0 a.m.•4 views

Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0544)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.5AI score0.03978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/09/01 12:0 a.m.•2 views

Multipath TCP

Multipath TCP is a set of extensions to regular TCP that enables a single data flow to be separated and carried across multiple connections. An attacker might use these extensions to evade detection by IPS devices...

2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/31 12:0 a.m.•2 views

Jenkins Groovy Script Console Remote Code Execution

A Code Execution vulnerability has been reported in the Jenkins Groovy Script Console. The vulnerability is due to an insecure script execution on the Jenkins console. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...

1.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/31 12:0 a.m.•3 views

Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0540)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

4.5AI score0.03978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/31 12:0 a.m.•2 views

WordPress Gmedia Gallery Shell Upload

Gmedia Gallery plugin is prone to Shell Upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/28 12:0 a.m.•5 views

Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0531)

A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...

4.3CVSS2.6AI score0.03728EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/28 12:0 a.m.•3 views

Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0533)

A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...

4.3CVSS2.6AI score0.03728EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/27 12:0 a.m.•4 views

Web Servers Joomla Remote File Inclusion

Joomla component is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This...

5.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/26 12:0 a.m.•3 views

Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0542)

A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.6AI score0.03978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/25 12:0 a.m.•46 views

Symantec Endpoint Protection Manager secars.dll Buffer Overflow (CVE-2013-1612)

A buffer overflow vulnerability exists in Symantec Endpoint Protection Manager SEPM. The vulnerability is caused by insufficient boundary check while processing external input. By supplying a crafted HTTP request to the vulnerable server, a remote unauthenticated attacker can possibly exploit thi...

7.9CVSS7.7AI score0.04383EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/08/24 12:0 a.m.•2 views

Adobe Multiple Products Flash Content Parsing Code Execution (APSA10-03: CVE-2010-2884) (CVE-2010-2884)

A remote code execution vulnerability has been reported in multiple Adobe products. The vulnerability is due to an error in the way Flash files are parsed...

4.2AI score0.15621EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/08/24 12:0 a.m.•1 views

UpTime Monitoring Server Insecure File Upload Remote Code Execution

A file upload vulnerability has been reported in the UpTime monitoring server. The vulnerability is due to an insecure file upload on the post2file.php component. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...

1.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/24 12:0 a.m.•18 views

Oracle Event Processing FileUploadServlet Directory Traversal (CVE-2014-2424)

A code execution vulnerability has been reported in Oracle Event Processing. The vulnerability is due to a directory traversal within the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request...

2.8AI score0.48355EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/08/21 12:0 a.m.•2 views

Siemens Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution

A remote code execution vulnerability exists in Siemens Solid Edge. The vulnerability is due to usage of user supplied input as a memory pointer without proper validation. Successful exploitation may allow a remote attacker to read and corrupt memory from the target process...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/20 12:0 a.m.•2 views

Samba nmbd sys_recvfrom Infinite Loop Denial of Service (CVE-2014-0244)

A denial of service vulnerability has been reported in Samba server. The vulnerability is due to an infinite loop that occurs when processing specially crafted packets. A remote authenticated or guest attacker could exploit this vulnerability by sending specially crafted requests to the target...

3.3CVSS3.9AI score0.20481EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/19 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB14-18: CVE-2014-0538)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...

10CVSS3.5AI score0.07552EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/19 12:0 a.m.•17 views

Microsoft Windows Kodak Image Viewer Code Execution (MS07-055) - ver 2 (CVE-2007-2217)

A buffer overflow vulnerability has been reported in Microsoft Windows Kodak Image Viewer. The vulnerability is due to improper parsing of specially crafted image files, such as TIFF files. An attacker can exploit this vulnerability by constructing a specially crafted image and enticing a victim ...

9.3CVSS6.1AI score0.41415EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/08/14 12:0 a.m.•3 views

Adobe Flash Player and AIR Security Bypass (APSB14-18: CVE-2014-0541)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

10CVSS2.6AI score0.05584EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•6 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2820)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.7AI score0.16528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•2 views

Adobe Flash Player and AIR Security Bypass (APSB14-17; CVE-2014-0537)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

2.6AI score0.04384EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•11 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4057)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.16463EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4063)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.7AI score0.2347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•12 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2823)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS4.1AI score0.16463EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4050)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.7AI score0.16528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/12 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-2824)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS7.7AI score0.16528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/11 12:0 a.m.•8 views

WordPress MailPoet Newsletters Unauthenticated File Upload (CVE-2014-4725)

An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server...

7.5CVSS4.8AI score0.59682EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/08/10 12:0 a.m.•19 views

Yokogawa CS3000 SCADA BKFSim_vhfd.exe Remote Code Execution (CVE-2014-3888)

A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...

8.3CVSS4.5AI score0.62312EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/08/10 12:0 a.m.•11 views

HP Service Virtualization AutoPass License Server Directory Traversal (CVE-2013-6221)

A code execution vulnerability exists in HP Service Virtualization running the AutoPass License Server. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation of this vulnerability could result in creation ...

10CVSS3.4AI score0.77935EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/08/10 12:0 a.m.•13 views

MOXA Device Manager Tool SCADA Buffer Overflow (CVE-2010-4741)

A remote code execution vulnerability has been reported in MOXA Device Manager Tool. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...

9.3CVSS4.5AI score0.27841EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/08/09 12:0 a.m.•3 views

Oracle Java SE GSUB FeatureCount Buffer Overflow

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/06 12:0 a.m.•3 views

Web Login Form Password Brute Force Attempts

Many web services offer a login form for users in order to sign in. Remote attackers can try and guess the user's credentials using repeated login attempts...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/06 12:0 a.m.•33 views

HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)

A command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to...

10CVSS4.8AI score0.89394EPSS
Exploits34
Check Point Advisories
Check Point Advisories
•added 2014/08/06 12:0 a.m.•23 views

Apache HTTP Server mod_status Heap Buffer Overflow (CVE-2014-0226)

A heap buffer overflow vulnerability exists in Apache httpd. The vulnerability is due to a race condition in the modstatus module running on a server with threaded MPM.Successful exploit may result in information disclosure or code execution...

6.8CVSS1.3AI score0.85744EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/08/04 12:0 a.m.•1 views

JavaScript Code Evasion Attempt

Certain evasion tools can use JavaScript code in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•1 views

Samba DNS Reply Flag Denial of Service (CVE-2014-0239)

A denial of service vulnerability exists in Samba DNS server. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. Successful exploitation could...

5CVSS6.1AI score0.6757EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•2 views

FritzBox Webcm Unauthenticated Command Injection

A remote command injection vulnerability has been reported in different Fritz!Box devices. The vulnerability is due to insufficient validation within the web-based Interface. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to the web-based Interface...

3.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•4 views

PHP CDF File Handling Infinite Loop (CVE-2014-0238)

A denial of service vulnerability has been reported in PHP. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP. A successful attack will result in an infinite loop, which can cause a denial of service condition...

3.7AI score0.20805EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•25 views

AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution - ver 2 (CVE-2014-3804)

Multiple command execution vulnerabilities exist in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to affected...

3.1AI score0.72376EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•5 views

PUF UDP Flooder

PUF UDP Flooder is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple UDP requests that can potentially cause an affected system to become temporarily unresponsive...

2.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•10 views

Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0522)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5.1AI score0.03601EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•11 views

Rocket Servergraph Admin Center fileRequestor Directory Traversal (CVE-2014-3914)

A code execution vulnerability exists in Rocket Servergraph Admin Center. The vulnerability occurs when making an HTTP POST request to the URI /SGPAdmin/fileRequest with the parameters cmd=writeDataFile, cmd=run, cmd=runClear or cmd=del, which can be present in the Body of the request. A remote...

2.6AI score0.72606EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•6 views

McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal (CVE-2014-2536)

A directory traversal vulnerability has been reported in the ExtensionAccessServlet included in McAfee Cloud Single Sign On. The vulnerability is due to insufficient input sanitization on the GET request URI passed to the ExtensionAccessServlet. A remote unauthenticated attacker can exploit this...

4.4AI score0.02393EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/08/03 12:0 a.m.•21 views

Microsoft Windows TCP Denial of Service (MS14-031; CVE-2014-1811)

A denial-of-service vulnerability exists in Microsoft Windows and Windows Server. The vulnerability is due to TCP/IP stack failing to properly handle crafted packets. A remote unauthenticated attacker can exploit this vulnerability by sending crafted packets to the target system...

3.7AI score0.18221EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/31 12:0 a.m.•12 views

HP Intelligent Management Center BIMS UploadServlet Information Disclosure (CVE-2014-2618)

An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests...

7.8CVSS1.4AI score0.046EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/29 12:0 a.m.•31 views

HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow (CVE-2009-4180)

A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program snmpviewer.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTT...

10CVSS1.9AI score0.1387EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/29 12:0 a.m.•8 views

Adobe Flash Player JSONP Cross-Site Request Forgery (APSB14-17: CVE-2014-4671)

A cross-site request forgery CSRF vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an insufficient validation of data from JSONP callback APIs. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

4.3CVSS3.2AI score0.23024EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/07/28 12:0 a.m.•28 views

Western Digital Arkeia Remote Code Execution (CVE-2014-2846)

A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...

7.5CVSS7AI score0.08828EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/07/28 12:0 a.m.•61 views

TR-069 Auto Configuration Servers Multiple Vulnerabilities (CVE-2014-2840; CVE-2014-4916; CVE-2014-4917; CVE-2014-4918; CVE-2014-4956; CVE-2014-4957)

The TR-069 protocol allows remote management of end-user broadband devices. Several vulnerabilities have been detected in certain TR-069 server implementations, that could allow a remote attacker to obtain administrative access to the servers or execute arbitrary code on them...

7.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/28 12:0 a.m.•7 views

D-Link HNAP Request Stack Buffer Overflow (CVE-2014-3936)

A remote code execution vulnerability exists in D-Link routers. The vulnerability is due to a stack buffer overflow while processing crafted HTTP POST requests addressed to the HNAP handler. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected...

10CVSS5.7AI score0.76555EPSS
Exploits6
Total number of security vulnerabilities13538