Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•36 views

Microsoft Windows Common Controls Remote Code Execution - Ver2 (CVE-2012-1856)

A code execution vulnerability has been reported in the Windows Common Controls. The vulnerability is due to a corruption of the system state by the TabStrip ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected syst...

7.6AI score0.72119EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•27 views

HP Managed printing Administration jobAcct Remote Command Execution - Ver2 (CVE-2011-4166)

A command execution vulnerability has been reported in Hp Managed Printing Administration. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

7.5CVSS6.5AI score0.61756EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•34 views

Internet Explorer VML Remote Code Execution - Ver2 (CVE-2012-0155)

A code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object that has been deleted. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

7.3AI score0.65501EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•48 views

Microsoft Windows Cinepak Codec Remote Code Execution (MS10-055) - Ver2 (CVE-2010-2553)

The Cinepak codec is a media encoder and decoder supported by the Windows Media Player. A remote code execution vulnerability has been reported in the way the Cinepak codec handles supported format files. The vulnerability is due to an error in the Cinepak codec that fails to properly handle...

9.3CVSS7.2AI score0.30895EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•11 views

Microsoft Office PNG File Parsing Buffer Overflow - - Ver2 (CVE-2013-1331)

A buffer overflow vulnerability has been reported in Microsoft Office. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.4AI score0.81877EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•15 views

Microsoft Office RTF File listid Use-After-Free - Ver2 (CVE-2012-2528)

A use-after-free vulnerability has been reported in Microsoft Office Word. The vulnerability is due to a memory handling error while parsing specially crafted RTF Rich Text Format files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

7.1AI score0.22117EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•46 views

Microsoft DirectShow QuickTime Movie Parser Filter Code Execution - Ver2 (CVE-2009-1537)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The QuickTime Movie Parser filter splits Apple QuickTime data into audio and video streams. The vulnerability is due to the way Microsof...

9.3CVSS6.2AI score0.50926EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•28 views

Microsoft Windows Embedded OpenType Font Engine LZCOMP Integer Overflow - Ver2 (CVE-2010-0018)

An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType Font Engine. The vulnerability is due to insufficient validation while processing an EOT font. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

7.2AI score0.26523EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•24 views

Microsoft Windows Media Player ASX Parsing Buffer Overflow - Ver2 (CVE-2006-6134)

A buffer overflow vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to a buffer overflow error when processing malformed ASX file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS7.4AI score0.41285EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/31 12:0 a.m.•28 views

GDI WMF File Rendering Code Execution - Ver2 (CVE-2005-2124)

A code execution vulnerability has been reported in Microsoft GDI. An attacker could exploit this vulnerability via a crafted Windows Metafile WMF format image. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2AI score0.59625EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/30 12:0 a.m.•3 views

Anonymous DoSer Denial of Service Tool

Anonymous DoSer is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

1.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/30 12:0 a.m.•2 views

Web Servers Slow HTTP Denial of Service

A denial of service vulnerability has been reported in all web servers. The vulnerability is due to the server's inability to handle multiple specially crafted TCP packets. Remote attackers can exploit this issue by continuously sending small TCP data packets to the server...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/30 12:0 a.m.•2 views

HULK Denial of Service Tool

Hulk is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/27 12:0 a.m.•2 views

GoldenEye Denial of Service Tool

GoldenEye is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple HTTP requests that can potentially cause attacked systems to become temporarily unresponsive...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/27 12:0 a.m.•22 views

Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301)

A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...

9.3CVSS6.2AI score0.13974EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/27 12:0 a.m.•17 views

FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow - ver 2 (CVE-2014-1452)

A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote, unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of...

5.8CVSS8AI score0.01894EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/26 12:0 a.m.•17 views

Poster Software PUBLISH-iT PUI File Processing Buffer Overflow (CVE-2014-0980)

A stack buffer overflow vulnerability exists in Poster Software PUBLISH-iT. The vulnerability is due to insufficient validation on the length of entry names in a "styl" record when processing PUI files. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a...

3.8AI score0.40359EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/03/26 12:0 a.m.•5 views

OpenSSL TLS Record Tampering Denial of Service (CVE-2013-4353)

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an error in handling certain TLS records during the handshake process. A remote unauthenticated attacker could exploit this vulnerability by sending tampered records to a vulnerable SSL client which could be a server...

4.3CVSS2.2AI score0.11851EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/26 12:0 a.m.•20 views

Apple Products SSLVerifySignedServerKeyExchange Security Feature Bypass (CVE-2014-1266)

There exists a security feature bypass vulnerability in Apple products. The vulnerability is due to the SSLVerifySignedServerKeyExchange function in the Secure Transport feature not checking the signature in a TLS Server Key Exchange message. This vulnerability allows man-in-the-middle attackers ...

6.1AI score0.05715EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/03/23 12:0 a.m.•22 views

SkyBlueCanvas CMS Remote Command Execution (CVE-2014-1683)

A remote code execution vulnerability has been reported in SkyBlueCanvas CMS. The vulnerability is due to the filebashMail function that allows remote attackers to execute arbitrary commands, when the pid parameter is 4. A remote attacker can exploit this vulnerability by execute arbitrary comman...

7.2AI score0.31415EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/03/23 12:0 a.m.•5 views

McAfee ePolicy Orchestrator XML External Entity (CVE-2014-2205)

An XML External Entity XXE vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to a design weakness in the ePO Web Console component. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition...

2.3AI score0.02003EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/23 12:0 a.m.•5 views

OpenSSL ssl_get_algorithm2 TLS Denial of Service - ver 2 (CVE-2013-6449)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in sslgetalgorithms2 where the SSL/TLS version is obtained from an incorrect structure leading to a NULL pointer dereference when computing a message digest. A remote unauthenticated attacker can...

4.3AI score0.21174EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/23 12:0 a.m.•28 views

Squid Proxy DNS Response Spoofing (CVE-2005-1519; CVE-2007-3898)

There exists a vulnerability in Squid Web Proxy Cache in the processing of DNS lookups. The flaw is caused by predictable transaction identifiers in DNS requests generated by Squid. A remote attacker may leverage this vulnerability to use spoofed DNS responses to poison the DNS cache on the targe...

6.4CVSS4.1AI score0.55127EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/23 12:0 a.m.•24 views

Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0307)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...

4.9AI score0.72239EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2014/03/20 12:0 a.m.•2 views

WordPress Pingback Distributed Denial of Service

The XMLRPC Pingback function in WordPress can be used to force WordPress servers into sending HTTP requests to other servers. Remote attackers can leverage this function to conduct DDoS attacks by sending specially crafted HTTP requests to legitimate WordPress servers...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•9 views

PHP GLOBALS Remote File Inclusion (CVE-2006-4966)

A Remote File Inclusion vulnerability has been reported in chumpsoft phpQuestionnaire. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This...

7.5CVSS3.9AI score0.03282EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•12 views

Secure Sockets Layer (SSL) Version 2.0 (CVE-2016-0703; CVE-2016-0704; CVE-2016-0800)

Secure Socket Layer SSL is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. This protocol is considered obsolete and insecure, and is deprecated in favor of the more advanced TLS protocol. This protection will detect and block any use ...

4.3CVSS3.6AI score0.82112EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•1 views

Fraudulent SSL Certificates Man-In-The-Middle

Fake SSL certificates may be used to carry out man-in-the-middle attacks against affected targets. Successful attacks would allow attackers to decrypt legitimate online traffic...

4.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•11 views

Adobe Flash Player Address Leak Buffer Overflow (APSB14-02; CVE-2014-0492)

An address leak vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the ActionScript Virtual Machine AVM while handling malicious Flash files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted SWF file...

6.1AI score0.05691EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•1 views

Web servers PHPMyAdmin Misconfiguration Code Injection

A code injection vulnerability has been reported in PHPMyAdmin. The vulnerability is due to PHPMyAdmin misconfiguration. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/18 12:0 a.m.•1 views

Nessus Security Scanner

Nessus is a vulnerability scanning product. Remote attackers can use Nessus to detect vulnerabilities on a target server...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•8 views

PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)

A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...

7AI score0.04124EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•13 views

Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)

A Cross-Site Scripting vulnerability has been reported in Apache HTTP servers. The vulnerability is due to lack of sanitization for data supplied in the HTTP request header. A remote attacker can exploit this vulnerability by sending an HTTP request containing crafted request header to the target...

0.2AI score0.94281EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•2 views

Apache HTTP Server Format String Remote Code Execution

A remote code execution vulnerability has been reported in Apache HTTP servers. The vulnerability is due to the failure of the application in verifying string arguments that are passed to a formatting function. A remote attacker can exploit this vulnerability to inject and execute arbitrary code...

2.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•5 views

PostgreSQL Database geo_ops path_in Integer Overflow (CVE-2014-0064)

An integer overflow vulnerability has been found in PostgreSQL Database. The vulnerability is due to improper validation when processing a large number of points for a geometric data type. A remote authenticated attacker could exploit this vulnerability by sending malicious information to a table...

6.5CVSS6.9AI score0.05353EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•27 views

Microsoft IIS Input Validation Directory Traversal (CVE-2000-0884)

A directory traversal vulnerability has been reported in Microsoft IIS. The vulnerability is due to an input validation error in Microsoft IIS that does not properly sanitize the URI for directory traversal patterns. Successful exploitation of this vulnerability would allow the attacker to execut...

5.4AI score0.72073EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/03/17 12:0 a.m.•19 views

Apache Tomcat Server Malicious Request Information Disclosure (CVE-2002-2006; CVE-2002-2007; CVE-2002-2008)

An Information disclosure vulnerability has been reported in Apache Tomcat servers. The vulnerability is due to an error in the way Apache Tomcat handles specially crafted page requests. A remote attacker can exploit this vulnerability by sending crafted requests which will result in Apache Tomca...

1AI score0.41399EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•1 views

Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)

A heap buffer overflow vulnerability has been reported in Oracle MySQL Client. This vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit this vulnerability by enticing the user to connect to a malicious server. Successful...

3.4AI score0.06353EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•33 views

HP Data Protector CRS Multiple Stack Buffer Overflows (CVE-2013-6195)

Multiple stack buffer overflows exist in HP Data Protector. The vulnerabilities are due to a lack of input sanitization on Strings provided with various opcodes. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could...

3.7AI score0.10436EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•8 views

Oracle Java Beans DocumentHandler XML External Entity (CVE-2014-0423)

A XML external entity XXE vulnerability exists in Oracle Java.This is due to an incorrectly configured XML parser in the Beans DocumentHandler interface that readily processes XML external entities by default. A remote unauthenticated attacker may exploit this vulnerability via specially crafted...

5.5CVSS5.8AI score0.03616EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•10 views

Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)

An infinite loop vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient boundary checks when processing the Content-Type header of a multipart request. A remote attacker could exploit this vulnerability by sending a large amount of data to the server causing it to use up...

2AI score0.83175EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•16 views

Symantec Web Gateway blacklist.php Cross Site Scripting (CVE-2013-5013)

A cross-site scripting vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to an input validation error in blocklist.php. A remote attacker can exploit this vulnerability by enticing a user to follow a specially crafted URL or to submit a web form with crafted values...

2.4AI score0.02009EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•43 views

RealNetworks RealPlayer RMP File Stack Buffer Overflow (CVE-2013-6877)

A stack buffer overflow exists in RealNetworks RealPlayer. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. The vulnerability is due to an error when parsing the version and encoding attributes of the XML declaration statement. An...

5.8AI score0.11345EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/03/16 12:0 a.m.•10 views

Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)

There exists an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value resulting in the CGI...

3.7AI score0.59546EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•25 views

Apache Santuario XML Security for Java DTD Denial of Service (CVE-2013-4517)

A denial of service vulnerability exists in Apache Santuario XML Security for Java. The vulnerability is due to the allowing of Document Type Definitions DTDs when validating signatures. A remote attacker can exploit this vulnerability by providing a specially crafted XML signature. Successful...

3AI score0.08863EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•12 views

WellinTech Multiple Products kxClientDownload ActiveX Remote Code Execution (CVE-2013-2827)

A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an...

7.5AI score0.49235EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•11 views

Adobe Flash Player Information Disclosure (APSB14-08: CVE-2014-0504)

An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files...

5CVSS0.8AI score0.0408EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•12 views

Adobe Flash Player Same Origin Security Bypass (APSB14-08; CVE-2014-0503)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles URLs within HTML files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...

6.4CVSS6.1AI score0.04293EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•14 views

Microsoft Windows IPv6 Router Advertisements Denial of Service (MS14-006; CVE-2014-0254)

A denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to a design weakness in the IPv6 stack as it processes router advertisement packets. An attacker can exploit this vulnerability by sending a large number of specially crafted IPv6 packets to the...

3AI score0.32685EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/13 12:0 a.m.•4 views

Adobe Flash Player Cross-Site Scripting (APSB14-02: CVE-2014-0491)

A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted URLs. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...

10CVSS5.6AI score0.07117EPSS
Exploits0
Total number of security vulnerabilities13538