Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/07/27 12:0 a.m.•3 views

libav LZO Integer Overflow (CVE-2014-4609)

A code execution vulnerability exists in the libav library. The vulnerability is due to an integer overflow while processing literal runs in the LZO compressed data. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted file with an...

6.8CVSS4.5AI score0.05739EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/27 12:0 a.m.•26 views

WellinTech KingSCADA kxNetDispose.dll Stack Buffer Overflow (CVE-2014-0787)

A stack buffer overflow vulnerability has been reported in WellinTech KingSCADA. The vulnerability is due to insufficient validation on the size of the data. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious packet to the KingSCADA server...

10CVSS4.2AI score0.1602EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/07/24 12:0 a.m.•1 views

Adobe Flash Player and AIR Security Bypass (APSB14-17: CVE-2014-0539)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

7.5CVSS2.6AI score0.04384EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/23 12:0 a.m.•9 views

Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0523)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5.1AI score0.04035EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/23 12:0 a.m.•12 views

Sixnet Sixview Web Console Directory Traversal (CVE-2014-2976)

Sixnet Sixview contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input. With a specially crafted request, a remote attacker can gain access to arbitrary files...

5CVSS5.4AI score0.03743EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/07/22 12:0 a.m.•7 views

Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1775)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.1AI score0.22848EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/21 12:0 a.m.•6 views

HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)

An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

7.5CVSS5.9AI score0.0485EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/21 12:0 a.m.•11 views

Symantec Web Gateway Multiple PHP Pages Cross Site Scripting (CVE-2014-1652)

A cross-site scripting vulnerability exists in Symantec Web Gateway. Successful exploitation could result in attacker-controlled script code being executed in the browser context of the Symantec Web Gateway management console. The vulnerability is due to improper validation of "variable",...

2.3CVSS1.6AI score0.01702EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/21 12:0 a.m.•30 views

Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)

A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...

10CVSS6.7AI score0.39589EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/07/20 12:0 a.m.•2 views

Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0532)

A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...

4.3CVSS2.6AI score0.03788EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/20 12:0 a.m.•1 views

Adobe Flash Player Security Bypass (APSB14-16: CVE-2014-0534)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file using...

7.5CVSS2.8AI score0.0609EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/20 12:0 a.m.•34 views

AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...

10CVSS4AI score0.13072EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•4 views

Web Servers Frequency Clock Remote File Inclusion (CVE-2007-2936)

A Remote File Inclusion vulnerability has been reported in Frequency Clock. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

5.3AI score0.07011EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

Multiple PHP Servers C100shell Backdoor Command Execution

A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

JPEG Files Containing Suspicious Comments

Certain JPEG files may contain malicious code, hidden within the comments marker...

1.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•8 views

SAP Sybase Event Stream Processor esp_parse Remote Code Execution (CVE-2014-3457)

Two unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. A remote attacker can leverage these vulnerabilities by sending crafted requests...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-16; CVE-2014-0536)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

4.4AI score0.10912EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•5 views

PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)

A heap buffer vulnerability exists in the phpparserr function in PHP. The vulnerability is due to an error in parsing malformed DNS TXT records. An attacker can exploit this vulnerability if the application uses the vulnerable function...

5.1CVSS3.4AI score0.1091EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

Adobe Flash Player and AIR Security Bypass (APSB14-16; CVE-2014-0535)

A security bypass vulnerability has been reported in Adobe Flash Player and Adobe AIR. The vulnerability is due to an error while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

2.3AI score0.10052EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•8 views

Web Servers W-Agora Remote File Inclusion (CVE-2002-1878)

A Remote File Inclusion vulnerability has been reported in W-Agora. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...

6.3AI score0.02558EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

Multiple PHP Servers C99shell Backdoor Command Execution

A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•1 views

RIG Exploit Kit Website Redirection

A website redirection vulnerability has been reported in PHP. A remote attacker can exploit this vulnerability to infect users with the RIG exploit kit...

3.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

Wordpress Timthumb WebShot Vulnerability Code Execution

A vulnerability in TimThumb's "Webshot" feature allows for certain commands to be remotely executed on vulnerable websites with no authentication. An attacker can create, remove and modify any files on the affected server...

4.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•7 views

Web Servers BurnCMS Remote File Inclusion (CVE-2007-2364)

A Remote File Inclusion vulnerability has been reported in BurnCMS. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...

5.7AI score0.08526EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•6 views

Web Servers PHPCodeCabinet Remote File Inclusion (CVE-2006-4044)

A Remote File Inclusion vulnerability has been reported in PHPCodeCabinet. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

6.1AI score0.03184EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•3 views

Oracle Java awt_setPixels Information Disclosure (CVE-2014-0429)

An information disclosure vulnerability exists in Oracle Java. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in the disclosure of the memory contents...

2.4AI score0.07571EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•5 views

Web Servers PHPFullAnnu Remote File Inclusion (CVE-2006-4644)

A Remote File Inclusion vulnerability has been reported in phpFullAnnu. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

5.7AI score0.02699EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•14 views

Web Servers VWar Remote File Inclusion (CVE-2006-1503)

A Remote File Inclusion vulnerability has been reported in VWar. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was previously...

6.2AI score0.01971EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•16 views

Web Servers Tosmo Mambo Remote File Inclusion (CVE-2007-2317)

A Remote File Inclusion vulnerability has been reported in Tosmo Mambo. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

5.5AI score0.08034EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•2 views

Multiple PHP Servers DQ99shell Backdoor Command Execution

A command execution vulnerability has been reported in multiple PHP servers. The vulnerability is due to the existence of a backdoor file on the PHP server within a specific library. A remote attacker can exploit this vulnerability by sending a request to the malicious backdoor file...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•9 views

Web Servers mxBB MX Smartor Remote File Inclusion (CVE-2007-2189)

A Remote File Inclusion vulnerability has been reported in mxBB MX Smartor. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

4.9AI score0.05088EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•22 views

CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)

A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...

2.2AI score0.05289EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•13 views

Microsoft Word RTF listoverridecount Memory Corruption (MS14-017; CVE-2014-1761)

A memory corruption vulnerability exists in Microsoft Word. The vulnerability is due to improper handling of structures when parsing a specially crafted RTF document. Remote, unauthenticated attackers could exploit this vulnerability by enticing the target user to open a specially crafted RTF fil...

4.2AI score0.77734EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2014/07/16 12:0 a.m.•12 views

Advantech WebAccess SCADA webvact.ocx GotoCmd Buffer Overflow (CVE-2014-0765)

A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This vulnerability is due to insufficient input validation on the GotoCmd parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this...

6.6AI score0.02672EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/15 12:0 a.m.•5 views

Web Servers CBSMS Mambo Remote File Inclusion (CVE-2006-3294)

A Remote File Inclusion vulnerability has been reported in CBSMS Mambo. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

5.1CVSS5.1AI score0.03024EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/07/15 12:0 a.m.•8 views

Telecom Italia DownloaderActiveX.ocx ActiveX Control Code Execution (CVE-2008-2551)

An attacker may use the vulnerable ActiveX control in order to download and execute arbitrary files in the context of the currently logged-on user...

9.3CVSS5.5AI score0.46936EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/07/14 12:0 a.m.•2 views

Samsung iPOLiS Device Manager FindConfigChildeKeyList Buffer Overflow (CVE-2014-3912)

A stack-based buffer overflow vulnerability has been reported in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller ActiveX control. A remote attacker can exploit these vulnerabilities by enticing a user to...

9.3CVSS6.9AI score0.04417EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/14 12:0 a.m.•7 views

Rocket Servergraph Admin Center userRequest and tsmRequest Command Execution (CVE-2014-3915)

Multiple vulnerabilities exist in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs userRequest and tsmRequest. A remote...

10CVSS2.6AI score0.03119EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/14 12:0 a.m.•20 views

Oracle Data Quality PostcardPreviewInt onclose Untrusted Pointer Dereference (CVE-2014-2415)

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.TransformerTools.PostcardPreviewInt ActiveX control. A remote attacker can exploit this vulnerability by...

5CVSS7.2AI score0.01343EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/14 12:0 a.m.•24 views

AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution (CVE-2014-3804)

Multiple command execution vulnerabilities has been reported in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to...

10CVSS6.9AI score0.72376EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/07/13 12:0 a.m.•1 views

HP Release Control Authenticated Privilege Escalation

A privilege escalation vulnerability exists in HP Release Control. The vulnerability is due to a design weakness in implementing access control restrictions to the "updateUserPassword" method. A remote, authenticated but unprivileged user is able to exploit this vulnerability by sending...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/13 12:0 a.m.•13 views

Web Servers WAnewsletter Remote File Inclusion (CVE-2007-2969)

A Remote File Inclusion vulnerability has been reported in WAnewsletter. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...

7.5CVSS5.8AI score0.61727EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/07/13 12:0 a.m.•18 views

Oracle Data Quality FileChooserDlg onChangeDirectory Untrusted Pointer Dereference (CVE-2014-2418)

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscTools.FileChooserDlg ActiveX control. A remote attacker can exploit this vulnerability by enticing a user ...

3.8AI score0.01343EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/10 12:0 a.m.•4 views

Adobe Flash Player Sandbox Security Bypass (APSB14-14: CVE-2014-0519)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...

7.5CVSS1.5AI score0.04443EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/10 12:0 a.m.•3 views

SAP Sybase Event Stream Processor esp_parse ConnectionType Unsafe Pointer Dereference (CVE-2014-3458)

Five unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor ESP. These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, an remote attacker can caus...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/10 12:0 a.m.•9 views

Adobe Acrobat and Reader Memory Corruption (APSB14-15: CVE-2014-0528)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS5.1AI score0.04701EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/08 12:0 a.m.•20 views

Microsoft Internet Explorer Memory Corruption (MS14-037; CVE-2014-1765)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

4.1AI score0.1565EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/08 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2797)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.7AI score0.16393EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/08 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2801)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.7AI score0.2347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/07/08 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS14-037: CVE-2014-2787)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7.6AI score0.16393EPSS
Exploits0
Total number of security vulnerabilities13538