Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•3 views

Firefox HTML URL Unicode Stack Buffer Overflow - Ver2 (CVE-2008-0016)

A buffer overflow vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

10CVSS9.7AI score0.43921EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•38 views

B-net Software Content Management System shout.php name Parameter XSS - Ver2 (CVE-2006-0078)

A cross-site scripting vulnerability has been reported in Haddad Said B-net Software 1.0. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

5.9AI score0.01762EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•4 views

Multiple Antivirus Products TAR file parser Security Bypass - Ver2 (CVE-2012-1459)

A security bypass vulnerability has been reported in multiple antivirus products. A remote attacker could Successful exploitation of this vulnerability by using a specailly crafted TAR archive with a Tar archive entry with a length field corresponding to that entire entry, plus part of the header...

6.2AI score0.99809EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•12 views

PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)

A denial-of-service vulnerability has been reported in PHP. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

5CVSS6.3AI score0.83911EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•50 views

Windows Media Player ActiveX Missing Codec Code Execution - Ver2 (CVE-2010-0268)

A code execution vulnerability has been reported in Microsoft Windows Xp, Microsoft Windows Media Player and Microsoft Windows 2000. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS7.3AI score0.20122EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•21 views

Microsoft PowerPoint Converter SoundEntity Record Code Execution - Ver2 (CVE-2009-1128)

A code execution vulnerability has been reported in Microsoft Office PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafted older PowerPoint 95 formatted files. A remote attacker could exploit this vulnerability by...

7.4AI score0.27472EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•28 views

Microsoft PowerPoint TxMasterStyle10Atom Processing Code Execution (MS08-051) - Ver2 (CVE-2008-1455)

Microsoft PowerPoint is a popular presentation program. . A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory calculation error in Microsoft PowerPoint when parsing bullet list values in specially crafted PowerPoint files. A remo...

6.8CVSS7.2AI score0.25513EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•75 views

Avaya IP Office CCR ImageUpload.ashx Unrestricted File Upload Code Execution - Ver2 (CVE-2012-3811)

A code execution vulnerability has been reported in Avaya IP Office Customer Call Reporter. The vulnerability is due to insufficient restriction of content uploaded to the server by ImageUpload. A remote attacker could exploit this vulnerability by uploading a file to a server running the...

7.5AI score0.62876EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•33 views

Microsoft Windows LNK PIF Code Execution - Ver2 (CVE-2010-2568)

A code execution vulnerability has been reported in Microsoft Windows 7, Microsoft Windows Vista, Microsoft Windows Xp, Microsoft Windows 2003 Server, Microsoft Windows Server 2003 and Microsoft Windows Server 2008. Successful exploitation of this vulnerability could allow a remote attacker to...

8.8AI score0.91324EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•11 views

Microsoft Windows Object Packager Dialogue Spoofing Command Execution - Ver2 (CVE-2006-4692)

A command execution vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.2AI score0.27697EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•13 views

CsSearch csSearch.cgi Arbitrary Command Execution - Ver2 (CVE-2002-0495)

A command execution vulnerability has been reported in Cgiscript.net Cssearch. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS7.3AI score0.13092EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•14 views

Internet Explorer Mouse Drag Hijack Arbitrary File Execution - Ver2 (CVE-2004-0841)

An arbitrary file execution vulnerability has been reported in Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute and install arbitrary programs on the affected system...

6.8AI score0.48733EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•38 views

Microsoft Office Excel Record Parsing Use After Free (MS11-072) - Ver2 (CVE-2011-1986)

A remote code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to lack of validation of certain record structures while handling specially crafted Excel files. A remote attacker could trigger this vulnerability by enticing an unsuspecting user to open ...

9.3CVSS7AI score0.21507EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•20 views

Microsoft Works File Converter Heap Overflow - Ver2 (CVE-2012-0177)

A buffer overflow vulnerability has been reported in Microsoft Works. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.4AI score0.30052EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•15 views

Adobe Illustrator EPS File DSC Comment Buffer Overflow - Ver2 (CVE-2009-4195)

Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals, including web and interactive designers and developers, multimedia producers, motion graphics and visual effects designers, animators, and video professionals. A buffer overflow vulnerability has...

9.3CVSS7.5AI score0.70684EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•50 views

Microsoft Internet Explorer createTextRange Denial of Service - Ver2 (CVE-2006-1359)

A denial-of-service vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

6AI score0.68068EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•33 views

Oracle Java FileDialog.Show Heap Buffer Overflow - Ver2 (CVE-2011-0802)

A remote code execution vulnerability has been reported in Oracle Java Runtime Environment.The vulnerability is due to insufficient validation of the selected file's default values size. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a web page...

10CVSS7.6AI score0.06277EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/03/03 12:0 a.m.•17 views

MSN Messenger UIAutomation ActiveX Control Information Disclosure (MS08-050) - Ver2 (CVE-2008-0082)

Windows Messenger, MSN Messenger, and Windows Live Messenger are popular instant messaging clients for Microsoft Windows. An information disclosure vulnerability exists in Windows Messenger, MSN Messenger, and Windows Live Messenger. The vulnerability is caused by an ActiveX control that is marke...

10CVSS5.6AI score0.3435EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/03/02 12:0 a.m.•87 views

HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)

Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...

6.5AI score0.62617EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/02/27 12:0 a.m.•4 views

HP LoadRunner Virtual User Generator saveCodeRuleFile Directory Traversal (CVE-2013-4838)

A directory traversal vulnerability exists in HP LoadRunner Virtual User Generator. The vulnerability exists in the EmulationAdmin web service. The vulnerability is due to insufficient validation on the parameters of saveCodeRuleFile method sent via SOAP requests. A remote unauthenticated attacke...

10CVSS7.4AI score0.10719EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/26 12:0 a.m.•0 views

Suspicious Non-Alphanumeric JavaScript Encoding

Certain evasion tools can obfuscate JavaScript code in order to circumvent security software. Successful exploitation could allow attackers to execute arbitrary code on the target...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/26 12:0 a.m.•4 views

Multiple Routers HNAP Insecure Implementation Privilege Escalation

Multiple routers are vulnerable to insecure implementations of the Home Network Administration Protocol HNAP. This vulnerability could allow unauthenticated users to view and configure administrative settings on the router...

4.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/25 12:0 a.m.•0 views

Suspicious Html Encoding Within HTTP Responses

Html code can be encoded within HTTP responses. Such behavior can be used to circumvent security software...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/25 12:0 a.m.•14 views

Cisco WebEx Player ATAS32.DLL Remote Code Execution (CVE-2011-4004)

A remote code execution vulnerability has been reported in Cisco WebEx Player. The vulnerability is due to insufficient validation of some values in record Type 0x1F and Type 0xBB while processing WebEx Recording Format WRF files. A remote unauthenticated attacker can leverage this vulnerability ...

7.2AI score0.03811EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/02/25 12:0 a.m.•9 views

ISC BIND NSEC3-Signed Zones Queries Processing Denial of Service (CVE-2014-0591)

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a failure to handle queries for NSEC3-signed zones. A remote attacker may exploit this vulnerability by sending a specially crafted query...

2.6CVSS7.1AI score0.31671EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/02/25 12:0 a.m.•36 views

Suspicious HTML Containing Overly Long Text (CVE-2013-2551)

HTML files may include a text tag containing an overly long and suspicious strings. This behavior may indicate an exploitation attempt...

9.3CVSS7.9AI score0.74096EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/02/24 12:0 a.m.•11 views

Joomla ofc_upload_image.php Unrestricted File Upload (CVE-2009-4140)

A remote code execution vulnerability has been reported in Joomla. The vulnerability is due to improper validation. A remote attacker can exploit this issue by uploading a specially crafted php file to the target...

7.5CVSS7.2AI score0.75838EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/02/24 12:0 a.m.•8 views

Adobe Acrobat and Reader Memory Corruption (APSB14-01; CVE-2014-0495)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a memory corruption. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an attacker to execute...

7.6AI score0.03857EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/23 12:0 a.m.•3 views

Adobe Flash Player Double Free Remote Code Execution (APSB14-07; CVE-2014-0502)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful exploitation would allow an attacker to take complete control of the affected system...

4.4AI score0.24204EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2014/02/23 12:0 a.m.•16 views

PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)

A Code Injection vulnerability has been reported in PhpMyAdmin. The vulnerability is due to misconfiguration of PhpMyAdmin server. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could result in attacker-controlled script...

7.5CVSS6.9AI score0.95438EPSS
Exploits16
Check Point Advisories
Check Point Advisories
•added 2014/02/23 12:0 a.m.•18 views

Novell Open Enterprise Server HTTPSTK Denial of Service (CVE-2013-3707)

A denial of service vulnerability exists in the HTTPSTK service in Novell Open Enterprise Server. The vulnerability is because the HTTPSTK service does not close TCP connections properly after a TCP handshake. A remote unauthenticated attacker can exploit this vulnerability by creating several...

4.3CVSS1.5AI score0.01582EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/19 12:0 a.m.•1 views

Google Chrome XSSAuditor Filter Security Policy Bypass

A policy bypass vulnerability exists in Google Chrome. The vulnerability is due a design weakness in Chrome XSSAuditor. By inserting JavaScript in the srcdoc attribute of an IFRAME tag, the Cross-Site Scripting filter can be bypassed. An attacker can exploit this weakness to further facilitate...

1.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/19 12:0 a.m.•7 views

Adobe Acrobat and Reader Memory Corruption (APSB14-01; CVE-2014-0493)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

5.1AI score0.05057EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/19 12:0 a.m.•6 views

Oracle Java JNDI Sandbox Bypass (CVE-2014-0422)

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to the insecure getContextClassLoader method in the JNDI component. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...

10CVSS3.3AI score0.06051EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•120 views

IBM Rational Focal Point RequestAccessController Servlet Information Disclosure (CVE-2013-5398)

An information disclosure vulnerability has been reported in IBM Focal Point. The vulnerability is due to input validation error of file variable in com.telelogic.focalpoint.pres.controller.RequestAccessController servlet. A remote unauthenticated attacker could exploit this vulnerability to read...

5.8AI score0.0059EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•42 views

IBM Forms Viewer XFDL Form Processing Stack Buffer Overflow (CVE-2013-5447)

A stack buffer overflow vulnerability exists in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially...

6.5AI score0.34035EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•1 views

PHP Filter Wrapper Information Disclosure

An information disclosure vulnerability has been reported in the PHP filter wrapper function. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...

6.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•2 views

Oracle Fusion Middleware Remote File Inclusion

A remote file inclusion vulnerability has been reported in the Oracle Reports component of Oracle Fusion Middleware. The vulnerability is due to incorrect website configuration that could allow a remote attacker to execute unauthenticated network attacks over HTTP...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•92 views

EMC CMCNE http-file-upload.war FileUploadController Arbitrary File Upload (CVE-2013-6810)

A code execution vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of http-fileupload .war when processing HTTP requests. A remote unauthenticated...

2.4AI score0.17004EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•18 views

Google Picasa CR2 TIFF StripByteCounts Integer Overflow (CVE-2013-5357)

An integer overflow vulnerability exists in Google Picasa. The vulnerability is due to a failure to validate StripByteCounts value when processing CR2 TIFF files. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted CR2 image file with a vulnerable versi...

4AI score0.02303EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•12 views

IBM Rational Focal Point Login Servlet Information Disclosure (CVE-2013-5397)

An information disclosure vulnerability has been reported in IBM Rational Focal Point. The vulnerability is due to an input validation error of the file variable in com.telelogic.focalpoint.pres.controller.LoginController servlet. A remote, unauthenticated attacker could exploit this vulnerabilit...

5.7AI score0.0059EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•50 views

vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload (CVE-2013-3215)

A remote code execution vulnerability has been reported in VTiger CRM.The vulnerability is due to lack of validation of file types uploaded to the server throught the AddEmailAttachment SOAP service. A remote attacker can exploit this vulnerability to access the script remotely and have it run th...

2.4AI score0.68849EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB13-26; CVE-2013-5330)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.5AI score0.1129EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•13 views

MW6 Technologies Aztec ActiveX Control Buffer Overflow (CVE-2013-6040)

A buffer overflow vulnerability exists in MW6 Technologies Aztec ActiveX Control. The vulnerability is due to improperly handled user input in the 'Data' parameter. A remote attacker could exploit the vulnerability via a specially crafted web page...

4.2AI score0.07373EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•252 views

Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)

An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...

6.1AI score0.02674EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/17 12:0 a.m.•37 views

Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)

A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...

1.8AI score0.74405EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2014/02/16 12:0 a.m.•12 views

FreeBSD bsnmpd GETBULK PDU Stack Buffer Overflow (CVE-2014-1452)

A remote code execution vulnerability exists in the FreeBSD. The vulnerability is caused due to improper handling of crafted GETBULK PDU requests. A remote,unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on the target system within the security context of bsnm...

5.8CVSS7.8AI score0.01894EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2014/02/15 12:0 a.m.•13 views

Microsoft Internet Explorer Use-After-Free Code Execution (CVE-2014-0322)

A use-after-free vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.85239EPSS
Exploits23
Check Point Advisories
Check Point Advisories
•added 2014/02/13 12:0 a.m.•1 views

PHP Easter Egg Information Disclosure

An information disclosure vulnerability has been reported in the PHP pages. The vulnerability is due to incorrect web server configuration. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2014/02/12 12:0 a.m.•18 views

Microsoft Word File Handling Memory Corruption (MS08-009) - ver 2 (CVE-2008-0109)

Microsoft Word is a popular word processor. By sending a specially crafted Word document, an attacker can cause a memory corruption, and remotely execute arbitrary code on the affected system...

9.3CVSS7.1AI score0.30869EPSS
Exploits1
Total number of security vulnerabilities13538