Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/06/09 12:0 a.m.•30 views

Oracle MySQL for Windows Elevation of Privilege (CVE-2012-5613)

A remote code execution vulnerability has been reported in Oracle MySQL servers...

6CVSS6.1AI score0.31664EPSS
Exploits15
Check Point Advisories
Check Point Advisories
•added 2013/06/09 12:0 a.m.•5 views

TWiki MAKETEXT Remote Command Execution (CVE-2012-6329)

The vulnerability is due to lack of input sanitization in the affected function. A remote attacker can exploit this issue by sending a specially crafted input to the application. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands...

7.5CVSS9.2AI score0.61604EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•0 views

Apache Web Server Plesk Control Panel Configuration Code Execution

A remote code execution vulnerability that affects Apache web servers has been reported in Plesk Control Panel...

8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•39 views

DataLife Engine preview.php PHP Code Injection (CVE-2013-1412)

A PHP code injection vulnerability has been reported in DataLife Engine 9.7...

7.1AI score0.40465EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•34 views

HP System Management Home Page Command Injection (CVE-2013-3576)

A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...

9CVSS7.4AI score0.66592EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•31 views

vBSEO Remote PHP Code Injection (CVE-2012-5223)

A Remote PHP Code Injection has been reported in vBSEO...

7.5CVSS7.2AI score0.40533EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2013/06/06 12:0 a.m.•45 views

Novell ZENworks Asset Management Directory Traversal (CVE-2011-2653)

A Directory Traversal vulnerability has been reported in the Novell ZENworks Asset Management. The vulnerability is due to insufficient input validation when parsing the FileUpload parameter. A remote attacker can exploit this issue by sending a specially crafted packet to the target server...

10CVSS6.8AI score0.73929EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2013/06/05 12:0 a.m.•0 views

Oracle Java Font Parsing mort Table Ligature Subtable Buffer Overflow

A stack buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to validate the data TrueType TTF font file. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged...

8.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/05 12:0 a.m.•11 views

Mutiny FrontEnd Arbitrary File Upload (CVE-2013-0136)

A directory traversal vulnerability has been reported in EditDocument servlet file upload function from the frontend on the Mutiny 5 appliance. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root...

8.5CVSS7.4AI score0.40338EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/06/04 12:0 a.m.•29 views

Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)

The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...

9.3CVSS8.4AI score0.72778EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2013/06/04 12:0 a.m.•30 views

Preemptive Protection against Microsoft Office File Parsing Buffer Overflow (MS13-051; CVE-2013-1331)

A remote code execution vulnerability has been reported in Microsoft Office...

7.3AI score0.81877EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/06/03 12:0 a.m.•11 views

Cisco WebEx Recording Format Player atas32.dll Integer Overflow (CVE-2012-1336)

A code execution vulnerability has been reported in Cisco WebEx Recording Format WRF Player. The vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and...

7.4AI score0.04912EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/03 12:0 a.m.•20 views

IBM SPSS SamplePower Vsflex8l ActiveX Control Buffer Overflow (CVE-2012-5945)

A code execution vulnerability exists in the VsVIEW6.ocxActiveX control, which is shipped as part of IBM SPSS SamplePower...

6.9AI score0.03498EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•0 views

BigAnt Server DDNF Request Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in BigAnt Server...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•0 views

SAP NetWeaver SXPG_CALL_SYSTEM Remote Code Execution

A vulnerability has been reported in SAP NetWeaver SXPGCALLSYSTEM...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•2 views

OPC UA Delete Subscriptions Response Command

...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•27 views

MiniUPnP MiniUPnPd ProcessSSDPRequest Denial of Service (CVE-2013-0229)

A denial of service vulnerability has been reported in MiniUPnP MiniUPnPd. The vulnerability is due to a boundary error in ProcessSSDPRequest function. A remote attacker can exploit this vulnerability by sending specially crafted packet to the target. Successful exploitation could cause the servi...

7.8CVSS6.1AI score0.76396EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•31 views

Microsoft Windows Remote Desktop Protocol Denial of Service (MS05-041) - High Confidence (CVE-2005-1218)

A vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP. Remote Desktop Protocol RDP lets users create a virtual session on their desktop computers, allowing them to access all the data and applications on their computers. To trigger the vulnerability, an attacker could send a...

5CVSS6.1AI score0.61183EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•1 views

Wordpress W3 Total Cache PHP Code Execution

A remote code execution vulnerability has been reported in Wordpress plugin W3 Total Cache.The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection...

8.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/06/02 12:0 a.m.•17 views

EMC AlphaStor Library Control Program Multiple Buffer Overflows (CVE-2013-0946)

Multiple buffer overflow vulnerabilities has been reported in EMC AlphaStor Library Control Program LCP while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. An unauthenticated attackers can exploit this...

9.3CVSS8.1AI score0.28547EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2013/05/29 12:0 a.m.•15 views

Squid Proxy Oversized Reply Header Handling - Improved Performance (CVE-2005-0241)

A denial of service vulnerability has been reported in Squid Web Proxy Cache server...

5CVSS6.2AI score0.69661EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/29 12:0 a.m.•14 views

Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)

A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...

8.5CVSS6.3AI score0.40338EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/05/28 12:0 a.m.•13 views

MongoDB nativeHelper.apply Remote Code Execution (CVE-2013-1892)

A remote code execution vulnerability has been reported in MongoDB...

6CVSS8.4AI score0.44543EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2013/05/28 12:0 a.m.•25 views

Citadel SMTP RCPT Remote Buffer Overflow - High Confidence (CVE-2008-0394)

The Citadel Server is a mail server product geared towards small and medium size organizations. The product implements POP3, IMAP4, and SMTP services. The SMTP server module is installed and started in a default installation. There exists a buffer overflow vulnerability in Citadel SMTP Server. Th...

7.5CVSS7.7AI score0.11948EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/05/22 12:0 a.m.•9 views

PhpMyAdmin preg_replace Function Code Injection (CVE-2013-3238)

A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. The vulnerability is due to an input validation error when handling queries of the types replaceprefixtbl or copytblchangeprefix to dbstructure.php. A remote, authenticated attacker could exploi...

6CVSS6.6AI score0.28851EPSS
Exploits14
Check Point Advisories
Check Point Advisories
•added 2013/05/21 12:0 a.m.•6 views

Adobe Flash Player Style Sheet Null Pointer Denial of Service (APSB13-15; CVE-2013-3329)

A denial of service vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a NULL pointer value when applying malformed badly formatted HTML text field. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS6AI score0.05319EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/20 12:0 a.m.•7 views

Adobe Acrobat Reader Use-after-closed Sandbox Security Bypass (APSB13-15; CVE-2013-2550)

A sandbox Security Bypass vulnerability exists in Adobe Reader. This vulnerability could subvert the sandbox protection mechanism. The vulnerability could allow remote attackers to bypass intended sandbox restrictions...

7.5CVSS6.3AI score0.04384EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•50 views

HP Data Protector Create New Folder Buffer Overflow (CVE-2012-0124)

A stack buffer overflow vulnerability has been reported in HP Data Protector 5. The vulnerability is due to insecure handling of file names when creating new folders. An unauthenticated remote attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. A...

7.3AI score0.62655EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•20 views

ACDSee FotoSlate PLP File id Parameter Overflow (CVE-2011-2595)

A parameter overflow vulnerability exists in ACDSee FotoSlate. The vulnerability is due to boundary errors in FSEngine4.dll when processing the "id" attribute certain tags. A remote attacker could trigger this flaw by tricking a victim into opening a specially crafted malicious .plp file...

6.4AI score0.6128EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•17 views

Adobe ColdFusion Directory Traversal Information Disclosure (APSA13-03; CVE-2013-3336)

A directory traversal vulnerability has been reported in Adobe ColdFusion. The vulnerability is due to a design weakness in the ColdFusion application. A remote attacker may exploit this issue to retrieve arbitrary files from the target system via directory traversal...

6.4AI score0.74265EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•9 views

Adobe Acrobat Reader Crafted RLE8 format BMP File Buffer Overflow (APSB13-15; CVE-2013-2729)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to a buffer overflow while loading specially crafted BMP image resources from a PDF file. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with ...

10CVSS6.9AI score0.66555EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/05/19 12:0 a.m.•15 views

HP Intelligent Management Center ReportImgServlet Information Disclosure (CVE-2012-5203)

An information disclosure vulnerability has been reported in HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the ReportImgServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the targ...

7.5CVSS6.3AI score0.21014EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/05/16 12:0 a.m.•17 views

Microsoft Office Malformed GIF File Processing Code Execution (MS06-039) - Improved Performance (CVE-2006-0007)

The Microsoft Office is a popular application suite that consists of several independent applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and others. The suite ships with a set of image processing helper libraries known as graphics filters. The graphics filters are used...

9.3CVSS7.5AI score0.19519EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/16 12:0 a.m.•28 views

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...

9.3CVSS8AI score0.07319EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/05/16 12:0 a.m.•24 views

InduSoft Web Studio Unauthenticated Insecure Remote Operations - High Confidence (CVE-2011-4051)

A code execution vulnerability has been reported in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to the absence of authentication for incoming requests to the Remote Agent service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafte...

10CVSS7.2AI score0.70156EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•16 views

Microsoft Visio SVG File Information Disclosure (MS13-044; CVE-2013-1301)

An information disclosure vulnerability has been reported in Microsoft Visio. The vulnerability is caused when Microsoft Visio improperly handles XML external entities that are resolved within other XML external entity declarations. An attacker who successfully exploited this vulnerability could...

5.4AI score0.16707EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•8 views

Internet Explorer Caching Use-after-free (MS13-037; CVE-2013-1306)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.33407EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•9 views

Internet Explorer CMarkupTransNavContext Use After Free (MS13-037; CVE-2013-1308)

A Code Execution vulnerability exists in Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way th...

7.2AI score0.209EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•9 views

Internet Explorer Initialization Error Use-after-free (MS13-037; CVE-2013-1307)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.20643EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•6 views

Internet Explorer Layout Use-after-free Code Execution (MS13-037; CVE-2013-1310)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.4AI score0.20643EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•38 views

Internet Explorer Deleted Object Use-after-free (MS13-037; CVE-2013-1311)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.20699EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•13 views

Preemptive Protection against Microsoft Lync Remote Code Execution (MS13-035; CVE-2013-1302)

A remote code execution vulnerability has been reported in Microsoft Lync. The vulnerability is due the way Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to accept an invitation to launch specially...

7.1AI score0.2191EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•12 views

Windows Live Essentials Improper URI Handling Vulnerability (MS13-045; CVE-2013-0096)

An information disclosure vulnerability exists when Windows Live Writer fails to properly handle a specially crafted URL. An attacker who successfully exploited this vulnerability could perform various actions on behalf of the logged-on user. These actions include the ability to overwrite files a...

5.5AI score0.16097EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•6 views

Internet Explorer Json Information Disclosure (MS13-037; CVE-2013-1297)

An information disclosure vulnerability exists in Internet Explorer versions 7, 8, and 9 on Windows Vista and Windows 7. An attacker who successfully exploited this vulnerability could view the contents of protected JSON files...

5.5AI score0.16777EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•11 views

Microsoft .NET XML Digital Signature Spoofing (MS13-040; CVE-2013-1336)

A spoofing vulnerability has been reported when the Microsoft .NET Framework fails to properly validate the signature of specially crafted XML files. Successful exploitation would allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file...

3.3AI score0.19263EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•17 views

Internet Explorer Deleted Object Code Execution (MS13-037; CVE-2013-1312)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.3AI score0.20643EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•57 views

Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)

A buffer overflow vulnerability exists in Internet Explorer while accessing a dynamic array of attributes of a VML shape object. The vulnerability may lead to memory corruption in such a way that will allow code execution in the context of the current user...

8.7AI score0.74096EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/05/12 12:0 a.m.•38 views

Microsoft Windows SMB Client Repeated Negotiation Responses (MS10-006) - High Confidence (CVE-2010-0017)

A remote code execution vulnerability has been reported in the Microsoft Server Message Block SMB Protocol. The vulnerability is due to a race condition in the Microsoft SMB implementation that fails to properly handle specially crafted SMB responses. A remote attacker could exploit this flaw by...

9.3CVSS7.2AI score0.30879EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2013/05/12 12:0 a.m.•41 views

Sun Java GIF File Handling Memory Corruption - Improved Performance (CVE-2007-0243)

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java is wide...

6.8CVSS7.5AI score0.10994EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/05/09 12:0 a.m.•1 views

HP Data Protector Manager MMD Service Stack Buffer Overflow - Improved Performance

HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. A stack buffer overflow vulnerability has been reported in HP Data Protector manager...

8.2AI score
Exploits0
Total number of security vulnerabilities13538