Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/04/24 12:0 a.m.•28 views

Microsoft HTML Sanitization Cross Site Scripting (MS13-035) - High Confidence (CVE-2013-1289)

A cross-site scripting vulnerability has been reported in multiple Microsoft products. The flaw is due to the way that the applications sanitize HTML. Remote attackers can exploit this vulnerability by submitting crafted HTML to the vulnerable server that uses the HTML Sanitization library, and...

4.3CVSS5.8AI score0.15432EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/23 12:0 a.m.•3 views

Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow

A stack buffer overflow vulnerability has been identified in Foxit Reader Plugin for Firefox. The vulnerability is due to a lack of bounds checking in an essential dll file, and affects handling of URLs. A remote attacker could exploit this vulnerability by enticing a target user to load a...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/23 12:0 a.m.•3 views

7T Interactive Graphical SCADA RMS Reports Buffer Overflow

7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. Multiple buffer overflow vulnerabilities have been reported in 7T Interactive Graphical SCADA System IGSS. The vulnerability is due to boundary errors in the...

8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/23 12:0 a.m.•12 views

Apache HTTPD mod_log_config Cookie Handling Denial of Service - High Confidence (CVE-2012-0021)

A denial of service vulnerability has been reported in Apache HTTPD server. The vulnerability is due to a NULL pointer dereference error while logging crafted HTTP requests by modlogconfig. A remote attacker can exploit this issue by continuously sending HTTP requests containing specially crafted...

8.6AI score0.30809EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/23 12:0 a.m.•19 views

Apple QuickTime ActiveX Control Clear Method Use After Free - Improved Performance (CVE-2012-3754)

A use-after-free vulnerability has been reported in Apple QuickTime's ActiveX control. The vulnerability is due to an error while handling a certain method. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted web page using Internet Explorer...

7AI score0.04365EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/22 12:0 a.m.•6 views

Microsoft Internet Explorer JPEG Rendering Buffer Overflow (MS05-038; CVE-2005-1988) - High Confidence

A buffer overflow vulnerability has been reported in the Microsoft Internet Explorer JPEG image rendering component. The vulnerability is due to the improper validation of user specified data in JPEG image files. A remote attacker can exploit this issue by enticing the target user to open a...

7.4AI score0.45597EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/22 12:0 a.m.•1 views

iSCSI target Multiple Implementations iSNS Stack Buffer Overflow - High Confidence (CVE-2010-2221)

A stack buffer overflow vulnerability has been reported in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by missing boundary checks when handling SCN messages. Remote attacker can exploit this vulnerability by sending a malicious message to an iSCSI...

5CVSS6.7AI score0.05347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/21 12:0 a.m.•6 views

Apple QuickTime rnet Box Parsing Heap Buffer Overflow - Improved Performance (CVE-2012-3756)

A heap buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to a bounds-checking error while parsing QuickTime reference movie files. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted QuickTime movie fi...

7.4AI score0.05562EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/04/21 12:0 a.m.•24 views

Apple QuickTime Plugin Content-Type Buffer Overflow - Improved Performance (CVE-2012-3753)

A stack buffer overflow vulnerability has been reported in Apple QuickTime plugin. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by enticing the target user to view a specially crafted web page. Successful exploitation would allow...

7.2AI score0.35078EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2013/04/18 12:0 a.m.•17 views

VMware ESX and ESXi Server SOAP Request Handling Denial Of Service (CVE-2012-5703)

The vulnerability is due to improper handling of certain SOAP requests in the vSphere API...

6.3AI score0.02374EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/18 12:0 a.m.•3 views

Adobe Flash Player RTMP Code Execution (APSB13-11; CVE-2013-2555)

A code execution vulnerability has been reported in the Adobe Flash Player. The vulnerability is due to insufficient sanitization by the Adobe Flash Player when reading data from a RTMP multimedia stream. A remote attacker may exploit this issue by sending a specially crafted RTMP packet to the...

7.5AI score0.08458EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/18 12:0 a.m.•18 views

Microsoft MSN Messenger and Windows Live Messenger Code Execution - improved performance (CVE-2007-2931)

MSN Messenger is an instant messaging application developed by Microsoft. It was renamed to Windows Live Messenger in recent releases. MSN Messenger provides communicating features such as voice conversations, video conference, files transferring and online games. There exists a buffer overflow...

9.3CVSS7.6AI score0.55451EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/04/18 12:0 a.m.•23 views

BigAnt Server DUPF Command Arbitrary File Upload (CVE-2012-6274)

An arbitrary file upload vulnerability exists in BigAnt Server. The vulnerability is due to lack of authentication and a directory traversal weakness in processing a DUPF command. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server...

7.7AI score0.46868EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/04/17 12:0 a.m.•41 views

Schneider Electric Interactive Graphical SCADA System Buffer Overflow - Improved Performance (CVE-2013-0657)

An buffer overflow vulnerability has been reported in Schneider Electric's Interactive Graphical SCADA System IGSS application. The vulnerability is due to an integer underflow that leads to a stack buffer overflow when processing crafted input sent to ports 12397/TCP and 12399/TCP...

6.7AI score0.21262EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/04/15 12:0 a.m.•27 views

Microsoft LSASS Authentication Process Integer Overflow (MS09-059; CVE-2009-2524) - high confidence

An elevation of privilege vulnerability has been discovered in the Microsoft Windows Local Security Authority Subsystem Service LSASS. The vulnerability is due to the Windows NTLM implementation in LSASS improper handling of malformed packets during NTLM authentication. A remote attacker could...

6.4AI score0.28261EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/14 12:0 a.m.•25 views

Smart Software Solutions CoDeSys CmpWebServer Content-Length NULL Pointer (CVE-2011-5009)

Denial of service has been reported in Smart Software Solutions CoDeSys CmpWebServer.The vulnerability is due to insufficient validation of incoming HTTP POST requests to TCP port 8080.A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the affected...

5CVSS6.2AI score0.10775EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/14 12:0 a.m.•22 views

Adobe Photoshop PNG Image Processing Buffer Overflow - Improved Performance (CVE-2012-4170)

A heap buffer overflow vulnerability has been reported in Adobe Photoshop CS6. The vulnerability is due to an error while handling certain chunks within a specially crafted PNG file. A remote attacker can exploit this vulnerability by enticing a user to open a malicious PNG file. Successful...

7AI score0.1136EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/11 12:0 a.m.•4 views

Contaware FreeVimager GIF LZWMinimumCodeSize Memory Corruption - Improved Performance

A memory corruption vulnerability has been reported in Contaware FreeVimager. The vulnerability is due to an error in processing GIF images containing an invalid value for the LZWMinimumCodeSize field. An attacker could exploit this vulnerability by enticing a target user to open a maliciously...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/10 12:0 a.m.•24 views

Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow - High Confidence (CVE-2007-6435)

Novell GroupWise is a client-server collaborative software and email system provided by Novell. The Novell GroupWise Client application is capable of communicating with Novell Group server, as well as Internet email gateways using SMTP, POP, and IMAP protocols. A buffer overflow vulnerability has...

9.3CVSS7.4AI score0.06588EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/04/10 12:0 a.m.•40 views

WellinTech KingView KingMess Log File Parsing Buffer Overflow (CVE-2012-4711)

A buffer overflow vulnerability has been reported in KingView's KingMess. The vulnerability is due to an error while parsing log files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted log file...

10CVSS6.6AI score0.61492EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/04/09 12:0 a.m.•15 views

IBM Java java.lang.ClassLoader.defineClass Sandbox Breach (CVE-2012-4823)

A sandbox breach vulnerability has been reported IBM Java. The vulnerability exists in a certain function which calls a specific class, which later incorrectly returns a privileged ClassLoader, which is then used to instantiate a certain object. That object uses ByteArrays to create a class, whic...

9.3CVSS4.8AI score0.06864EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/09 12:0 a.m.•3 views

BIND 9 DNS Server Dynamic Update Denial of Service - High Confidnce

ISC BIND 9 contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support for dynamic DNS updates. BIND 9 can cra...

6.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/09 12:0 a.m.•27 views

Microsoft Active Directory LDAP Request Memory Consumption (MS13-032; CVE-2013-1282)

A denial of service vulnerability exists in implementations of Active Directory. Successful exploitation could cause the service to stop responding. The vulnerability is caused when the LDAP service fails to handle a specially crafted query. A Remote attacker can exploit this issue via a speciall...

2.8AI score0.27005EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/09 12:0 a.m.•25 views

Microsoft DNS Server Validation Spoofing (MS09-008) - High Confidence (CVE-2009-0234)

A weakness exists in Microsoft DNS server implementation. The problem is caused by improper handling of negative results for DNS ANY queries. Remote attackers could exploit this vulnerability by sending numerous ANY queries to the target server, followed by malicious responses to the same server...

6.4CVSS6.4AI score0.34442EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/09 12:0 a.m.•17 views

Microsoft Windows RDP ActiveX Control Remote Code Execution (MS13-029; CVE-2013-1296)

A remote code execution vulnerability in the way the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit this vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully...

9.3CVSS7.2AI score0.20661EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/08 12:0 a.m.•0 views

Simple Web Server Connection Header Buffer Overflow

PMSoftware Simple Web Server 2.2-rc2 suffers from remote buffer overflow vulnerability. The vulnerability is caused by failure to sanitize user-supplied input resulting in a buffer overflow. A remote user can send a long string data in a certain header, resulting in stack overflow, and arbitrary...

8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/08 12:0 a.m.•48 views

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential (CVE-2012-3951)

An insecure default credentials config has been reported in Plixer Scrutinizer. The vulnerability is due to an insecure config of default credentials in the MySQL server. The attacker could log into MySQL server with the default credentials, and then gain arbitrary remote code execution...

7.5CVSS9.5AI score0.51995EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2013/04/08 12:0 a.m.•2 views

Microsoft Internet Explorer Mouse Movement Information Disclosure

A design weakness vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in reference counting while handling the fireEvent method. Remote attackers can exploit this vulnerability by enticing the target user to view a malicious HTML document...

6.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/08 12:0 a.m.•22 views

Adobe Photoshop PNG Image Processing Buffer Overflow - Improved Performance (CVE-2012-4170)

A heap buffer overflow vulnerability has been reported in Adobe Photoshop CS6. The vulnerability is due to an error while handling certain chunks within a specially crafted PNG file. A remote attacker can exploit this vulnerability by enticing a user to open a malicious PNG file. Successful...

9.3CVSS7AI score0.1136EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/08 12:0 a.m.•18 views

HP LeftHand Virtual SAN Appliance hydra SNMP Processing Buffer Overflow (CVE-2012-3284)

A stack buffer overflow vulnerability has been reported in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on parameters of an SNMP request sent to the hydra service. A remote attacker can exploit this issue by sending a crafted SNMP request to the...

6.7AI score0.08695EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/04 12:0 a.m.•10 views

HP LeftHand Virtual SAN Appliance hydra Diag Processing Buffer Overflow (CVE-2012-3283)

A heap buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on parameters of a Diag request sent to the hydra service which listens by default on port 13838/TCP. A remote attacker can exploit this vulnerability by...

6.8AI score0.10436EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/04 12:0 a.m.•24 views

EMC NetWorker nsrindexd RPC Service Buffer Overflow (CVE-2012-4607)

A buffer overflow vulnerability has been reported in EMC NetWorker. The vulnerability is due to a boundary error when processing crafted RPC requests. A remote unauthenticated attacker could trigger this flaw by sending a crafted RPC request to the server...

6.8AI score0.03189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/04 12:0 a.m.•53 views

Snort Back Orifice Pre-Processor Buffer Overflow - Improved Performance (CVE-2005-3252)

A buffer overflow exists in Snort product. The flaw is caused by an insufficient boundary checks in the handling of Back Orifice messages. An attacker may leverage this vulnerability to execute arbitrary code in the security context of the affected product, normally root. In case of an attack whe...

7.5CVSS7.7AI score0.83621EPSS
Exploits12
Check Point Advisories
Check Point Advisories
•added 2013/04/04 12:0 a.m.•5 views

Oracle Java Security Slider Feature Bypass (CVE-2013-1489)

A security feature bypass vulnerability has been reported in Oracle Java JRE. The vulnerability occurs when a serialized class is loaded via the applet tag object attribute. A remote attacker can exploit this vulnerability to bypass warning prompts by enticing user to open a Java applet embedded ...

6.2AI score0.07641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/04 12:0 a.m.•32 views

Schneider Electric Interactive Graphical SCADA System Buffer Overflow (CVE-2013-0657)

A buffer overflow vulnerability exists in Schneider Electric's Interactive Graphical SCADA System IGSS application. The vulnerability is due to an integer underflow that leads to a stack buffer overflow when processing crafted input sent to ports 12397/TCP and 12399/TCP...

6.6AI score0.21262EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/04/03 12:0 a.m.•19 views

Microsoft HTML Sanitization Cross Site Scripting (MS13-035; CVE-2013-1289)

An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. Successful exploitation could allow an attacker to perform cross-site scripting attacks against affected users, resulting in script execution in the target's security context...

4.3CVSS5.8AI score0.15432EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/03 12:0 a.m.•1 views

VideoLAN VLC Media Player SWF Code Execution

A code execution vulnerability has been reported in VLC Media Player. The vulnerability is due to memory corruption vulnerability when handling certain SWF files. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted SWF file with a vulnerable version of...

7.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/03 12:0 a.m.•19 views

HP LeftHand Virtual SAN Appliance hydra Credential Information Disclosure (CVE-2012-3282)

An information disclosure vulnerability exists in HP LeftHand Virtual SAN Appliance. Successful exploitation will disclose credentials that could allow the attacker to log in to the server with administrator privileges. The vulnerability is due to a design weakness and occurs when a snapshot...

10CVSS5.9AI score0.16865EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/02 12:0 a.m.•1 views

Iconics Genesis SCADA Integer Overflow 0x04b0

An integer overflow vulnerability has been reported in Iconics Genesis GenBroker...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/02 12:0 a.m.•32 views

Microsoft Silverlight Pointer Dereference Memory Corruption (MS13-022; CVE-2013-0074; CVE-2013-3896)

A pointer dereference vulnerability has been reported in Microsoft Silverlight. This vulnerability is due to insufficient verification of a pointer when rendering an HTML object. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page, potentially...

9.3CVSS6.6AI score0.81868EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/03/31 12:0 a.m.•4 views

Energizer DUO Trojan Code Execution (CVE-2010-0103)

A remote code execution vulnerability has been reported in Energizer DUO USB battery charger. The vulnerability is due to the file Arucer.dll providing USB communication capabilities. A remote attacker can exploit this vulnerability by using this capability as a backdoor...

9.3CVSS7.2AI score0.27429EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/03/28 12:0 a.m.•16 views

BigAnt Server SCH Request Stack Buffer Overflow (CVE-2012-6275)

A stack buffer overflow vulnerability exists in BigAnt Server. The vulnerability is due to a boundary error when handling SCH and DUPF requests. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result...

7.8AI score0.46498EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2013/03/27 12:0 a.m.•4 views

MIT Kerberos 5 KDC pkinit_check_kdc_pkid NULL Pointer Dereference (CVE-2013-1415)

A denial-of-service vulnerability has been reported in the MIT Kerberos 5 KDC server. The vulnerability is due to a free of a NULL pointer in the pkinitcheckkdcpkid function while processing malformed requests. A remote unauthenticated attacker can exploit this vulnerability by sending specially...

5CVSS6.5AI score0.04211EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/03/24 12:0 a.m.•2 views

Mozilla Firefox Animated PNG Processing Integer Overflow - improved performance (CVE-2008-4064)

Firefox is a popular, open source web browser developed by Mozilla Foundation. A vulnerability was reported in Mozilla Firefox. Mozilla Firefox fails to properly process Animated Portable Network Graphics APNG image files. A remote attacker could exploit this vulnerability by persuading a target...

10CVSS9.5AI score0.04872EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/03/24 12:0 a.m.•4 views

Oracle Java 2D ImagingLib Integer Overflow (CVE-2013-0809)

A code execution vulnerability has been reported in the 2D component of Oracle Java. The vulnerability is due to an integer overflow in the ImagingLib class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation o...

10CVSS9.4AI score0.10753EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/03/24 12:0 a.m.•27 views

Internet Explorer PNG Image Rendering Memory Corruption - improved performance (MS05-025; CVE-2005-1211; CVE-2006-0025)

Portable Network Graphics PNG is a popular image file format. Specially crafted PNG files may be used to create a DoS condition and in some cases, arbitrary code execution...

9.3CVSS7AI score0.48723EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/03/24 12:0 a.m.•11 views

Apache HTTPD mod_proxy_balancer Cross Site Scripting (CVE-2012-4558)

A cross site scripting vulnerability exists in Apache HTTP web server modproxybalancer. The vulnerability is due to a lack of input validation in the URI of the modproxybalancer manager interface. A remote attacker can exploit these vulnerabilities by enticing a user to follow a specially crafted...

6.2AI score0.22913EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/03/21 12:0 a.m.•0 views

Sophos Anti-Virus CAB Files Invalid typeCompress Parsing Heap Buffer Overflow - Improved Performance

A buffer overflow vulnerability has been reported in Sophos Anti-Virus. The vulnerability is due to an error in the way the application handles invalid values. A remote attacker could exploit this vulnerability by causing the affected application to process a specially crafted CAB file. Successfu...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/03/21 12:0 a.m.•27 views

Microsoft Word CSS Processing Code Execution - Improved Performance (MS08-026; CVE-2008-1434)

A remote code execution vulnerability has been identified in Microsoft Word...

3.1AI score0.30869EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/03/21 12:0 a.m.•16 views

HP LeftHand Virtual SAN Appliance hydra Ping Processing Buffer Overflow (CVE-2012-3285)

A stack buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on target hostname or IP address of a Ping request sent to the hydra service which listens by default on port 13838/TCP. A remote attacker can exploit this...

6.7AI score0.08695EPSS
Exploits4
Total number of security vulnerabilities13538