Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/02/27 12:0 a.m.•11 views

cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)

The vulnerability is due to an error in Curlsaslcreatedigestmd5message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...

7.5CVSS6.8AI score0.22913EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/02/27 12:0 a.m.•4 views

Nagios XI Autodiscovery Arbitrary Command Execution

An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...

7.6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/27 12:0 a.m.•19 views

Microsoft .NET Framework WinForms Information Disclosure (CVE-2013-0001)

A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way WinForms handles pointers to unmanaged memory locations.A remote, unauthenticated attacker can exploit this vulnerability by either enticing a user to visit a maliciously...

4.3CVSS7.9AI score0.13553EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/27 12:0 a.m.•38 views

SAP NetWeaver Message Server Memory Corruption (CVE-2013-1592)

A code execution vulnerability has been reported in SAP NetWeaver Message Server. The vulnerability is due to an array index error in the function MsJ2EEAddStatistics. A remote attacker can exploit this vulnerability by sending a specially crafted message to a vulnerable server...

9.2AI score0.22612EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/02/26 12:0 a.m.•15 views

Opera SVG clipPath Use After Free Memory Corruption (CVE-2013-1638)

A use-after-free vulnerability has been reported in Opera web browser. The vulnerability is due to an error while parsing SVG content. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file with a vulnerable version of Opera...

9.3CVSS6.3AI score0.08036EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/25 12:0 a.m.•6 views

Ubisoft Uplay 2.0.3 ActiveX Control Arbitrary Code Execution (CVE-2012-4177)

A remote code execution vulnerability exists in Ubisoft Uplay 2.0.3. The vulnerability is due to insufficient verification of a command path parameter value when parsing a Uplay ActiveX object. A remote attacker can exploit this vulnerability by enticing a user to open a webpage that contains a...

7.2AI score0.5802EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/25 12:0 a.m.•15 views

Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow (CVE-2013-0418)

A heap buffer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to an error when processing Coords structure for loda chunks of type 3 Line/Curve. Remote attackers could exploit the vulnerability to inject and execute arbitrary code in the context of the vulnerable...

6.8CVSS7.5AI score0.08347EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/24 12:0 a.m.•31 views

Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow (CVE-2012-5960)

A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing service name URIs in the function called from the SSDP protocol parser. A remote attacker can exploit this vulnerability to execute...

7.6AI score0.32627EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/24 12:0 a.m.•37 views

Microsoft XML Core Services Integer Truncation Memory Corruption (MS13-002; CVE-2013-0006)

A memory corruption vulnerability exists in Microsoft XML Core Services. The vulnerability is due to an integer truncation error while Microsoft XML Core Services parses XML content. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted website...

9.3CVSS7.2AI score0.28084EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/21 12:0 a.m.•16 views

Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow (CVE-2012-5959)

A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing UUID: service name URIs in the uniqueservicename function called from the SSDP protocol parser. Remote unauthenticated attackers can explo...

7.8AI score0.75796EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•0 views

WebPageTest Directory Traversal

This module exploits a directory traversal vulnerability found in WebPageTest 2.6...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•1 views

QuickShare File Server Directory Traversal

A directory traversal vulnerability has been reported in QuickShare File Server...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•40 views

Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass (CVE-2012-2626)

An authentication bypass vulnerability has been reported in Plixer Scrutinizer NetFlow and sFlow Analyzer...

6.7AI score0.44458EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•4 views

Microsoft DirectPlay Office File Handling Invalid Memory Free (MS12-082; CVE-2012-1537)

An invalid memory free vulnerability exists in Microsoft DirectPlay...

6.3AI score0.22568EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•31 views

IBM Java ProxyUtil Sandbox Breach (CVE-2012-4820)

A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to an access control failure in the "com.ibm.rmi.util.ProxyUtil" package. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page...

9.3CVSS4.9AI score0.05086EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/20 12:0 a.m.•23 views

Microsoft DNS Server Denial of Service - Specific (MS12-017; CVE-2012-0006)

A denial of service vulnerability has been reported in Microsoft DNS servers. The vulnerability is due to the way that the DNS server improperly handles objects in memory when looking up the resource record of a domain. A remote attacker may exploit this issue by sending a specially crafted DNS...

6AI score0.31083EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•2 views

Nagios XI Alert Cloud Cross-Site Scripting

A reflected cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient sanitization of HTTP GET requests sent to index.php. An attacker entices a user to click on a URL containing malicious script code in the parameters. The vulnerability is...

6.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•16 views

PHP apache_request_headers Function Buffer Overflow (CVE-2012-2329)

A buffer overflow was reported in the apacherequestheaders function in PHP. The vulnerability is due to the insecure handling of the HTTP headers. An attacker can exploit this issue by sending a specially crafted HTTP request to the target server. Successful exploitation may allow the attacker to...

7.5AI score0.62649EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•26 views

Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)

An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability is due to enabling unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...

6.8CVSS9.4AI score0.93797EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•36 views

Adobe ColdFusion Authentication Bypass (CVE-2013-0632)

An authentication bypass vulnerability has been reported in ColdFusion servers. A remote attacker could trigger this through Remote Development Services RDS or Administrator interfaces if they do not require authentication or through CSRF if APSB12-26 has not been applied...

10CVSS6.7AI score0.93691EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•41 views

Csound Hetro File Handling Stack Buffer Overflow (CVE-2012-0270)

A stack buffer overflow vulnerability has been reported in Csound. The vulnerability is due to the improper validation of specially crafted hetro files. A remote attacker can exploit this issue by enticing the victim to accept and open a specially crafted file. Successful exploitation would resul...

7.5CVSS7.3AI score0.54671EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/02/19 12:0 a.m.•37 views

Ruby on Rails JSON Processor YAML Deserialization Code Execution (CVE-2013-0333)

A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...

7.5CVSS7.8AI score0.98582EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2013/02/17 12:0 a.m.•5 views

Non Compliant Scada Modbus Write File Record

...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/17 12:0 a.m.•2 views

Scada Modbus Function Code Scan

...

7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/17 12:0 a.m.•11 views

3ivx MPEG-4 MP4 File Handling Stack Overflow - Specific (CVE-2007-6401)

There exists a buffer overflow vulnerability in 3ivx MPEG-4. Specifically, the vulnerability is due to improper handling of MP4 files by the 3ivx MPEG-4 codec plugin. A remote attacker can exploit this vulnerability by enticing the target user to open crafted MP4 file, potentially causing arbitra...

7.4AI score0.29729EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/17 12:0 a.m.•11 views

Adobe Reader PDF File DLL Injection Remote Code Execution (APSA13-02; CVE-2013-0640)

A remote code execution vulnerability has been reported in Adobe Reader. The vulnerability is due to a dll injection while handling malformed PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would allow an...

8AI score0.86979EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•19 views

Microsoft Windows Common Controls OLE Remote Code Execution (MS13-020; CVE-2013-1313)

A remote code execution vulnerability has been reported in Microsoft Windows...

7.3AI score0.22701EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•15 views

Internet Explorer InsertElement Use After Free (MS13-009; CVE-2013-0026)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.19905EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•2 views

Eurograbber

The Eurograbber Trojan targets bank customers. The attack infects computers and mobile devices. The Trojan attempts to steal money from the victim's bank account...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•10 views

Internet Explorer CObjectElement Use After Free (MS13-009; CVE-2013-0028)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.19905EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•26 views

Internet Explorer CHTML Use After Free (MS13-009; CVE-2013-0029)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.30339EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•10 views

Internet Explorer CMarkup Use After Free (MS13-009; CVE-2013-0020)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.28331EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•24 views

Internet Explorer VML Objects Memory Corruption (MS13-009; CVE-2013-0030)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VML buffers are allocated. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially crafted web page. An attacke...

9.3CVSS7AI score0.26696EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•17 views

Internet Explorer CPasteCommand Use After Free (MS13-009; CVE-2013-0027)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.19905EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•4 views

Internet Explorer vtable Use After Free Memory Corruption (MS13-009; CVE-2013-0021)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.21185EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•11 views

Internet Explorer SetCapture Use After Free (MS13-009; CVE-2013-0018)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.19905EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•32 views

Internet Explorer SLayoutRun Use After Free (MS13-009; CVE-2013-0025)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.55765EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•13 views

Internet Explorer pasteHTML Use After Free (MS13-009; CVE-2013-0024)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.4AI score0.19905EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•16 views

Microsoft Windows Media Decompression Remote Code Execution (MS13-011; CVE-2013-0077)

A remote code execution vulnerability has been reported in Microsoft Windows...

7.3AI score0.24242EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•17 views

Internet Explorer CDispNode Use After Free (MS13-009; CVE-2013-0023)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.18572EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•24 views

Postfix IPv6 Relaying Security Issue (CVE-2005-0337)

There is a vulnerability in the way Postfix handles the relaying of e-mail messages A successful attack allows an attacker to use the target Postfix as an open relay to MX hosts with IPv6addresses...

6.2AI score0.02806EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•7 views

Internet Explorer LsGetTrailInfo Use After Free (MS13-009; CVE-2013-0022)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.16805EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•48 views

Microsoft Internet Explorer SLayoutRun Use After Free (MS13-009) - High Confidence (CVE-2013-0025)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

9.3CVSS7.3AI score0.55765EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•29 views

Internet Explorer Shift JIS Character Encoding (MS13-009; CVE-2013-0015)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.15853EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/02/12 12:0 a.m.•9 views

Internet Explorer COmWindowProxy Use After Free (MS13-009; CVE-2013-0019)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer...

7.3AI score0.34923EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2013/02/07 12:0 a.m.•4 views

Adobe Flash Player SWF File Buffer Overflow (APSB13-04; CVE-2013-0633)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an improper buffer allocation while handling specially crafted SWF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.2AI score0.20881EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/07 12:0 a.m.•6 views

Adobe Flash Player ActionScript Code Heap Buffer Overflow (APSB13-04; CVE-2013-0634)

A remote code execution vulnerability has been reported in Adobe Flash Player...

7.4AI score0.77597EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2013/02/06 12:0 a.m.•3 views

Sourcefire Snort rule20275eval Buffer Overflow

A buffer overflow vulnerability has been reported in a pre-compiled Snort rule distributed by Sourcefire. The vulnerability is due to a stack buffer overflow in rule 3:20275.A remote attacker can exploit this issue by sending a malicious response packet containing a overly long message to the...

8.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/06 12:0 a.m.•4 views

Adobe Reader and Acrobat rt3d.dll Buffer Overflow (APSB11-03; CVE-2011-0606)

A stack-based buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability occurs in the rt3d.dll while processing a pdf file. A remote attacker could trigger this issue via a specially crafted file. Successful exploitation could result in arbitrary code executio...

9.3CVSS7.5AI score0.0689EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/02/06 12:0 a.m.•3 views

Advantech WebAccess HMI and SCADA Software Cross-Site Scripting

A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser...

7AI score
Exploits0
Total number of security vulnerabilities13538