Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/05/20 12:0 a.m.•2 views

TLS Servers Cipher Suites Vulnerability Scanning Tools

Several vulnerability scanning tools are designed to gather supported cipher suites information from TLS servers. Such scans might indicate an attempt to disclose information about a server, as a preparation for an attack...

1.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/19 12:0 a.m.•4 views

Ecava IntegraXor Buffer Overflow (CVE-2010-4597)

A remote code execution vulnerability has been reported in Ecava IntegraXor. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...

10CVSS4.4AI score0.18823EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/19 12:0 a.m.•3 views

OpenSSL do_ssl3_write Denial of Service (CVE-2014-0198)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in dossl3write in ssl/s3pkt.c. A remote unauthenticated attacker could exploit this vulnerability by triggering the generation of an Alert, leading to a NULL pointer dereference and causing a deni...

4.3CVSS3.6AI score0.43828EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/19 12:0 a.m.•7 views

Microsoft Windows iSCSI Target Denial of Service (MS14-028; CVE-2014-0255)

A denial-of-service vulnerability exists in Microsoft Windows Servers where the iSCSI target role is enabled. The vulnerability is due to memory exhaustion when handling iSCSI packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a large number of specially craft...

5CVSS6.2AI score0.41784EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/19 12:0 a.m.•10 views

Adobe Acrobat And Reader Use-After-Free (APSB14-15; CVE-2014-0527)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful exploitatio...

4AI score0.13364EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•1 views

JavaScript Malicious Obfuscation Techniques - Ver2

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Since the exploits are obfuscated they may not be detected by IDS and IPS systems, thus allowing attackers to successfully attack target machines...

4.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•14 views

Schneider Electric ClearSCADA OPF File Parsing Out of Bounds Array Indexing (CVE-2014-0779)

A code execution vulnerability has been reported in Schneider Electric ClearSCADA. The vulnerability is due improper validation of a length parameter that is used to index an array in the OPF File parsing component. A remote attacker could exploit this vulnerability by enticing the target user to...

4.1AI score0.01487EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•1 views

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Command Execution

Multiple remote command execution vulnerabilities exist in RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX. The vulnerabilities are due to design flaws in three insecurely implemented methods. An attacker can leverage these vulnerabilities by enticing a target user to open a crafted web page...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•2 views

RARLAB WinRAR Zip Format Filename Spoofing

A file name spoofing vulnerability has been reported in RARLAB's WinRAR. The vulnerability is due to a design weakness when processing zip format archives. Successful exploitation could allow for arbitrary code execution in the security context of the logged in user...

7.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•4 views

PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)

A denial of service vulnerability has been reported in PHP Fileinfo. Successful exploitation could result in a denial of service condition. The vulnerability is due to call stack exhaustion when mget handles a magic string. A remote attacker can exploit this flaw by sending a malicious request...

7.2AI score0.0507EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•2 views

OpenLDAP rwm Overlay Denial of Service - ver 2 (CVE-2013-4449)

A denial of service vulnerability has been reported in OpenLDAP. The vulnerability is due to an error in reference counting in the rwm overlay. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server...

3.4AI score0.10913EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•22 views

CA Erwin Web Portal Multiple Directory Traversal Vulnerabilities (CVE-2014-2210)

Multiple directory traversal vulnerabilities have been reported in CA ERwin Web Portal. The vulnerabilities are due to lack of authentication and insufficient input validation in the FileAccessServiceProvider and ProfileIconServlet servlets when processing HTTP requests. By sending crafted HTTP...

7.1AI score0.05289EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB14-14: CVE-2014-0510)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS6.5AI score0.08486EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•11 views

Advantech WebAccess SCADA webvact.ocx UserName Buffer Overflow (CVE-2014-0770)

A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the UserName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. Successful exploitation could lead to code execution in the context of the...

7.2AI score0.02622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•10 views

PHP Libmagic Portable Executable Out-Of-Bounds Memory Access (CVE-2014-2270)

An out-of-bounds memory access vulnerability exists in PHP Libmagic. The vulnerability is due to the way the file utility determines the type of Portable Executable PE format files. A remote attacker can exploit this flaw by uploading a malicious PE file to a vulnerable server...

3AI score0.04318EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•2 views

Xerox DocuShare ResultBackgroundJobMultiple SQL Injection

An SQL injection vulnerability has been reported in Xerox DocuShare. The vulnerability is due to insufficient validation of requests sent to ResultBackgroundJobMultiple. A remote attacker can exploit this vulnerability by sending a specially crafted request to the target service. This can result ...

8.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•30 views

Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)

An arbitrary PHP code execution vulnerability has been reported in Horde . An attacker can exploit this vulnerability to execute arbitrary code with the permissions of the web server...

3.2AI score0.42895EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•10 views

Apache Struts ActionForm ClassLoader Security Bypass (CVE-2014-0114)

A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by the ActionForm class allowing for manipulation of the ClassLoader. A remote unauthenticated attacker could exploit this vulnerability by providing a "class" parameter in...

7.5CVSS1.6AI score0.96121EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•13 views

FreePBX config php Code Execution (CVE-2014-1903)

FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...

3.3AI score0.52186EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/05/18 12:0 a.m.•34 views

Red Hat JBoss Seam InterfaceGenerator Information Disclosure (CVE-2013-6448)

An information disclosure vulnerability exists in Red Hat JBoss Seam Framework. This is due to a design flaw in the InterfaceGenerator handler that allows it to expose details of all classes on the server's classpath. A remote unauthenticated attacker may exploit this vulnerability on a web...

6.1AI score0.01431EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/15 12:0 a.m.•19 views

Adobe Reader Mobile JavaScript Interface Java Code Execution (CVE-2014-0514)

A code execution vulnerability exists in Adobe Mobile Reader for Android. The vulnerability is due to a failure to restrict access to certain JavaScript interfaces. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted document...

3.1AI score0.72189EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/05/15 12:0 a.m.•13 views

Yokogawa CENTUM CS 3000 SCADA Remote Code Execution (CVE-2014-0782)

A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to insecure usage of memory creation...

8.3CVSS7.3AI score0.56839EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•17 views

InduSoft Web Studio Directory Traversal (CVE-2014-0780)

A directory traversal vulnerability has been reported in InduSoft Web Studio. The vulnerability is due to insufficient validation of certain requests while using the development web server. An unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable...

7.5CVSS6.3AI score0.74548EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•6 views

Advantech WebAccess SCADA bwocxrun.ocx Command Execution (CVE-2014-0773)

A command execution vulnerability has been reported in Advantech WebAccess SCADA software. The vulnerability is due to insufficient input validation while parsing the first parameter of the bwocxrun.ocx ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by entici...

6.5AI score0.02519EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•7 views

Red Hat CloudForms Management Engine SQL Injection (CVE-2013-2050)

An SQL injection has been reported in Red Hat CloudForms Management Engine. The vulnerability is due to improper sanitization of in the "explorer" action of "miqpolicy" controller. A remote attacker can exploit this vulnerability via the profile parameter in an explorer action...

7.5CVSS7.6AI score0.15659EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•7 views

Linux Kernel IPv6 Router Advertisement Packets Processing Denial of Service (CVE-2014-2309)

A denial of service vulnerability exists in the Linux kernel. The vulnerability is due to the way it handles IPv6 router advertisement packets. A remote attacker can exploit this vulnerability by sending maliciously crafted packets to a vulnerable system...

3.3AI score0.02426EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•22 views

Red Hat CloudForms AgentController Directory Traversal (CVE-2013-2068)

A directory traversal vulnerability has been reported in Red Hat CloudForms. This vulnerability is due to improper sanitization of of the "filename" GET parameter passed to the "linuxpkgs" method of the AgentController. A remote unauthenticated attacker can exploit this vulnerability by sending...

9.4CVSS6.5AI score0.58624EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/05/14 12:0 a.m.•27 views

Yokogawa CENTUM CS 3000 SCADA Buffer Overflow (CVE-2014-0784)

A remote code execution vulnerability has been reported in Yokogawa CENTUM CS 3000. The vulnerability is due to a stack based buffer overflow when handling specially crafted packets...

8.3CVSS7.6AI score0.36035EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•18 views

Microsoft Internet Explorer Memory Corruption (MS14-029; CVE-2014-0310)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

7AI score0.17351EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•3 views

China Chopper Web Shell Remote Code Execution

China Chopper Web Shell is a malware designed to infect Web servers. The malware has a Web shell command-and-control CnC client binary and a text-based Web shell payload server component. Post infection, the malware enables remote attackers to execute arbitrary code on affected systems...

5.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•9 views

Adobe ColdFusion Server invoke() Method Code Execution (CVE-2013-3350)

A remote code execution has been reported in Adobe ColdFusion server. The vulnerability is due to a bug in the invoke method. A remote attacker can exploit this issue by changing values on a page hosted on the affected server...

10CVSS7.2AI score0.07563EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS14-029: CVE-2014-1815)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

9.3CVSS7AI score0.20263EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•12 views

Advantech WebAccess SCADA webvact.ocx NodeName Buffer Overflow (CVE-2014-0764)

A stack buffer overflow has been reported in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the NodeName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by...

6.6AI score0.02672EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•25 views

Microsoft SharePoint Cross-site Scripting (MS14-022; CVE-2014-1754)

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affecte...

6.1AI score0.11073EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•27 views

Microsoft Windows SMB Response Handling Buffer Overflow - ver 2 (CVE-2005-0045)

A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client component. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system. Successful exploitation would allow an attacker to take comple...

7.1AI score0.73094EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•2 views

Executable File With Non-Executable File Extension Arbitrary File Execution

Certain malicious executable files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•6 views

Cisco Prime Security Manager Cross-Site Scripting (CVE-2014-2118)

A cross-site scripting vulnerability has been reported in Cisco Prime Security Manager. The vulnerability is due to lack of sanitation on URL parameters. A remote attacker can exploit this vulnerability by sending a specially crafted request to an affected server...

5.7AI score0.01807EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/13 12:0 a.m.•2 views

Conficker Shellcode Remote Code Execution

Conficker is a computer worm that targets Windows users. Once resident, the worm has several mechanisms for pushing or pulling executable payloads over the network. These payloads are used by the worm to update to newer variants and to install additional malware...

5.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•0 views

Tftpd32 DNS Server Buffer Overflow - ver 2

A buffer overflow vulnerability has been reported in Tftpd32. The vulnerability is due to an error in the way the DNS component of Tftpd32 handles specially crafted domain labels. A remote attacker can exploit this issue by sending a specially crafted DNS query to a vulnerable Tftpd32 server...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•2 views

GnuTLS Certificate Verification Policy Bypass (CVE-2014-0092)

A policy bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in validating certificates. A remote attacker can employ this vulnerability to bypass certificate validation performed by an application using a vulnerable version of the GnuTLS library...

5.8CVSS3.9AI score0.29958EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•1 views

Vtiger CRM Install Script Remote Command Execution

A command execution vulnerability has been reported in Vtiger CRM. The vulnerability is due to an arbitrary command execution in install script. A remote attacker may exploit this vulnerability by overwriting the target database configuration...

7.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•6 views

Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java...

10CVSS2.6AI score0.08383EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/08 12:0 a.m.•24 views

FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)

A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny servi...

5CVSS6.4AI score0.03651EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/07 12:0 a.m.•8 views

Samba Root File System Access Security Bypass (CVE-2009-0022)

A security bypass vulnerability exists in Samba. The vulnerability is due to a design weakness when registry based share definition is enabled. A remote attacker may leverage this vulnerability to gain read-only access to the local file system in the security context of the Samba service...

6.3CVSS6.3AI score0.03534EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/07 12:0 a.m.•19 views

Synology DiskStation Manager SLICEUPLOAD Code Execution (CVE-2013-6955)

An arbitrary file upload vulnerability exists in Synology DiskStation Manager. The vulnerability exists in webman/imageSelector.cgi. A remote unauthenticated attacker can append data to files by sending specially crafted HTTP requests to the server and execute arbitrary code through that...

10CVSS2.6AI score0.84571EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/05/04 12:0 a.m.•3 views

IcoFX Stack Buffer Overflow (CVE-2013-4988)

A stack buffer overflow has been reported in IcoFX. The vulnerability is due to an error while parsing specially crafted .ico files. A remote attacker can exploit this issue by enticing a user to open a malicious .ico file...

9.3CVSS6.6AI score0.66998EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2014/05/04 12:0 a.m.•4 views

Oracle Java ServiceLoader Exception Handling Sandbox Bypass (CVE-2014-0457)

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a flaw in exception handling of the ServiceLoader class. This flaw could be used to disable the security manager and run Java code with full privileges. A remote, unauthenticated attacker can exploit this...

10CVSS5.9AI score0.07279EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/04 12:0 a.m.•2 views

Nagios Remote Plugin Executor Command Injection

A command injection vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters containing newline characters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on th...

8.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/05/04 12:0 a.m.•13 views

Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)

A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with t...

9.3CVSS7.5AI score0.04072EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/05/01 12:0 a.m.•0 views

SSH Over DNS Tunneling

SSH over DNS tunneling can be used by attackers to disclose unauthorized information. A remote attacker can use DNS tunneling methods to circumvent security products...

3.6AI score
Exploits0
Total number of security vulnerabilities13538