Check Point Advisories: Recent

13538 matches found

Check Point Advisories
• added 2020/12/29 12:00 a.m. • 6 views

Microsoft SharePoint Server Remote Code Execution (CVE-2020-16951)

A remote code execution vulnerability exists in Microsoft SharePoint server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 5.6 | EPSS 0.01309
Exploits: 1

Check Point Advisories
• added 2020/12/29 12:00 a.m. • 3 views

Linksys RE6500 Remote Code Execution

A remote code execution vulnerability exists in Linksys RE6500. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 5.4
Exploits: 0

Check Point Advisories
• added 2020/12/29 12:00 a.m. • 4 views

PHPGurukul Admin Panel SQL Injection (CVE-2020-25952)

An SQL Injection vulnerability exists in PHPGurukul Admin Panel. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

CVSS 7.5 | AI score 3.3 | EPSS 0.04078
Exploits: 1

Check Point Advisories
• added 2020/12/29 12:00 a.m. • 5 views

OsCommerce Phoenix CE Command Injection (CVE-2020-27976)

A command injection vulnerability exists in OsCommerce Phoenix CE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 10 | AI score 5.2 | EPSS 0.06981
Exploits: 2

Check Point Advisories
• added 2020/12/28 12:00 a.m. • 3 views

Microsoft Media Foundation Information Disclosure (CVE-2020-0939)

An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

CVSS 4.3 | AI score 5.1 | EPSS 0.0845
Exploits: 0

Check Point Advisories
• added 2020/12/28 12:00 a.m. • 9 views

Apache SkyWalking Storage SQL Injection (CVE-2020-13921)

An SQL injection vulnerability exists in Apache SkyWalking MySQL storage implementation. The vulnerability is due to insufficient validation of the user supplied input for wildcard alarm search query through GraphQL protocol...

CVSS 7.5 | AI score 2.8 | EPSS 0.33478
Exploits: 0

Check Point Advisories
• added 2020/12/28 12:00 a.m. • 15 views

Web Servers Memory Corruption Attempt (CVE-2020-12000; CVE-2020-13934; CVE-2020-3239; CVE-2020-9490)

A memory corruption vulnerability can be exploited by malicious actors. Successful exploitation could cause damage to target systems...

CVSS 9 | AI score 3.7 | EPSS 0.89744
Exploits: 0

Check Point Advisories
• added 2020/12/28 12:00 a.m. • 5 views

Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)

A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...

CVSS 7.5 | AI score 3.1 | EPSS 0.21869
Exploits: 0

Check Point Advisories
• added 2020/12/28 12:00 a.m. • 9 views

Apache SkyWalking Storage SQL Injection (CVE-2020-9483)

An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...

CVSS 5 | AI score 3.4 | EPSS 0.34613
Exploits: 1

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 5 views

PHP Arbitrary File Upload (CVE-2020-12255; CVE-2020-23828)

Malicious PHP files can be uploaded to a server due to improper validation. Successful exploitation could result in execution of arbitrary code on the target system...

CVSS 7.5 | AI score 3.1 | EPSS 0.52582
Exploits: 1

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 7 views

Web Servers Directory Traversal Attempt (CVE-2020-10631; CVE-2020-13158; CVE-2020-13886; CVE-2020-3240)

A directory traversal vulnerability exists in web servers. Successful exploitation of this vulnerability could result in information disclosure or execution of arbitrary code...

CVSS 8.5 | AI score 4.1 | EPSS 0.53524
Exploits: 3

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 3 views

Trend Micro IWSVA Remote Code Execution (CVE-2020-8466)

A remote code execution vulnerability exists in Trend Micro IWSVA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.9 | EPSS 0.63711
Exploits: 2

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 1 view

Nagios XI SNMP Trap SQL Injection

An SQL injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the SNMP Trap edit functionality...

AI score 3.3
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 4 views

Microsoft SharePoint Remote Code Execution (CVE-2020-1210)

A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.5 | AI score 8.8 | EPSS 0.0176
Exploits: 1

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 8 views

TP-Link TL-WR849N Routers Remote Code Execution (CVE-2020-9374)

A command execution vulnerability exists in TP-Link TL-WR849N firmware 0.9.1 4.16. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 7.5 | AI score 7.5 | EPSS 0.42047
Exploits: 4

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 4 views

Veeam ONE SSRSReport XML External Entity Injection (CVE-2020-15418)

An XML external entity injection vulnerability exists in Veeam ONE. The vulnerability is due to insufficient handling of XML external entities in requests submitted to the server...

CVSS 7.8 | AI score 2.6 | EPSS 0.09402
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 6 views

WordPress Canto Plugin Server-Side Request Forgery (CVE-2020-28976; CVE-2020-28977; CVE-2020-28978)

A server-side request forgery vulnerability exists in WordPress Canto Plugin. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and...

CVSS 5 | AI score 1.3 | EPSS 0.26037
Exploits: 3

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 2 views

IBM Spectrum Protect Plus Command Injection (CVE-2020-4206)

A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the timezone parameter...

CVSS 9 | AI score 4.8 | EPSS 0.04612
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 3 views

Trend Micro IMSVA External Entity Injection (CVE-2020-27017)

An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...

CVSS 4 | AI score 4.1 | EPSS 0.06392
Exploits: 2

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 5 views

ISC BIND DNS Server Denial of Service (CVE-2020-8620)

A denial-of-service vulnerability exists in ISC BIND DNS Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS 5 | AI score 4.6 | EPSS 0.03663
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 5 views

Micro Focus Secure Messaging Gateway Command Injection (CVE-2020-11852)

A command injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to improper validation of SaveData parameter within managedomainssavedata.json.php...

CVSS 9 | AI score 2.5 | EPSS 0.01368
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 5 views

FasterXML jackson-databind Remote Code Execution (CVE-2020-14645; CVE-2020-24616; CVE-2020-8840)

FasterXML jackson-databind is a Java library that contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Under the right conditions, attackers can exploit Java applications performing unsafe deserialization of objects. Successful exploitation of unsafe deserializatio...

CVSS 7.5 | AI score 3.2 | EPSS 0.46208
Exploits: 9

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 7 views

Apache Unomi Remote Code Execution (CVE-2020-13942)

A remote code execution vulnerability exists in the Apache Unomi project. The vulnerability is due to insufficient validation of OGNL and MVEL2. Successful exploitation of this vulnerability could result in execution of arbitrary code...

CVSS 7.5 | AI score 3.8 | EPSS 0.68398
Exploits: 9

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 2 views

Web Servers Buffer Overflow Attempt (CVE-2020-3119; CVE-2020-3120; CVE-2020-3172; CVE-2020-8450)

A buffer overflow vulnerability can be exploited by sending a parameter with size larger than can be stored in a buffer. Successful exploitation could result in execution of arbitrary code on the target system or denial of service conditions...

CVSS 8.3 | AI score 6.4 | EPSS 0.7179
Exploits: 0

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 5 views

Apache Kylin Remote Code Execution (CVE-2020-1956)

A command execution vulnerability exists in Apache Kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 9 | AI score 5.8 | EPSS 0.9796
Exploits: 2

Check Point Advisories
• added 2020/12/27 12:00 a.m. • 4 views

Netkit Telnet Buffer Overflow (CVE-2020-10188)

A buffer overflow vulnerability exists in Netkit Telnet Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS 10 | AI score 5.3 | EPSS 0.74513
Exploits: 2

Check Point Advisories
• added 2020/12/23 12:00 a.m. • 3 views

McAfee ePolicy Orchestrator Reflected Cross Site Scripting (CVE-2020-7318)

A reflected cross site scripting vulnerability exists in McAfee ePolicy Orchestrator. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS 2.3 | AI score 5 | EPSS 0.01024
Exploits: 0

Check Point Advisories
• added 2020/12/23 12:00 a.m. • 2 views

Mozilla Firefox Memory Corruption (CVE-2020-6806)

A memory corruption vulnerability exists in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 5.1 | EPSS 0.02543
Exploits: 0

Check Point Advisories
• added 2020/12/23 12:00 a.m. • 9 views

Microsoft Windows Privilege Escalation (CVE-2016-3225)

A privilege escalation vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

CVSS 6.9 | AI score 7.7 | EPSS 0.43493
Exploits: 6

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 6 views

Online Bus Ticket Reservation Project SQL Injection (CVE-2020-35378)

An SQL injection vulnerability exists in Online Bus Ticket Reservation. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 | AI score 5.4 | EPSS 0.02025
Exploits: 1

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 3 views

SourceCodester Sales and Inventory System SQL Injection (CVE-2020-28133)

An SQL injection vulnerability exists in SourceCodester Sales and Inventory System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 | AI score 5.7 | EPSS 0.02082
Exploits: 1

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 4 views

Bloodx Project SQL Injection (CVE-2020-29282)

An SQL injection vulnerability exists in Bloodx Project. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 | AI score 5.3 | EPSS 0.02667
Exploits: 1

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 2 views

Advantech R-SeeNet SQL Injection (CVE-2020-25157)

A SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to insufficient validation on the deviceid parameter within deviceposition.php...

CVSS 5 | AI score 2.7 | EPSS 0.01396
Exploits: 0

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 6 views

ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)

A denial of service vulnerability has been reported in ISC BIND DNS servers. The vulnerability is due to the way that the DNS server improperly handles invalid TKEY resource records. A remote attacker may exploit this issue by sending a specially crafted DNS query to a DNS server. Successful...

CVSS 7.8 | AI score 1.7 | EPSS 0.91284
Exploits: 12

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 9 views

Microsoft Windows Privilege Escalation (CVE-2016-0096)

A privilege escalation vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

CVSS 7.2 | AI score 7.7 | EPSS 0.02093
Exploits: 0

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 4 views

Nagios XI Graph Explorer Cross-Site Scripting (CVE-2020-15902)

A cross-site scripting vulnerability exists in Nagios XI. This vulnerability is due to improper validation of the link parameter in visFunctions.inc.php...

CVSS 4.3 | AI score 1.6 | EPSS 0.35135
Exploits: 0

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 9 views

Apache Tapestry Information Disclosure (CVE-2020-13953)

An information disclosure vulnerability exists in Apache Tapestry. This vulnerability is due to URL manipulation that allows Java webapp files inside WEB-INF to be listed and downloaded...

CVSS 5 | AI score 1.7 | EPSS 0.02651
Exploits: 0

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 4 views

McAfee VirusScan Enterprise Remote Code Execution (CVE-2016-8020)

A remote code execution vulnerability exists in McAfee VirusScan Enterprise. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6 | AI score 5.1 | EPSS 0.11097
Exploits: 4

Check Point Advisories
• added 2020/12/22 12:00 a.m. • 9 views

Trend Micro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)

An authentication bypass vulnerability exists in Trend Micro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

CVSS 10 | AI score 6 | EPSS 0.93249
Exploits: 15

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 15 views

Joomla! Remote Code Execution (CVE-2020-10238; CVE-2020-10239; CVE-2021-23132)

A remote code execution vulnerability exists in Joomla!. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.5 | AI score 8.6 | EPSS 0.06529
Exploits: 4

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 5 views

XStream Remote Code Execution (CVE-2020-26217)

A remote code execution vulnerability exists in XStream. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 9.3 | AI score 5.5 | EPSS 0.85001
Exploits: 7

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 5 views

Apache Dubbo Remote Code Execution (CVE-2020-1948)

A remote code execution vulnerability exists in Apache Dubbo. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.4 | EPSS 0.13946
Exploits: 3

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 3 views

Cisco Jabber Cross-Site Scripting (CVE-2020-26085)

A cross site scripting vulnerability exists in Cisco Jabber. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 9 | AI score 4.9 | EPSS 0.02496
Exploits: 0

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 7 views

Apache Struts Remote Code Execution (CVE-2020-17530)

A remote code execution vulnerability exists in Apache Struts. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.7 | EPSS 0.95922
Exploits: 11

Check Point Advisories
• added 2020/12/21 12:00 a.m. • 23 views

Pligg CMS Cross Site Request Forgery (CVE-2015-6655)

A cross-site request forgery vulnerability exists in Pligg CMS. Successful exploitation of this vulnerability could allow a remote attacker to damage users' systems...

CVSS 6.8 | AI score 5.2 | EPSS 0.01982
Exploits: 5

Check Point Advisories
• added 2020/12/20 12:00 a.m. • 9 views

Cisco AnyConnect Secure Mobility Client Privilege Escalation (CVE-2020-3153)

A vulnerability exists in Cisco AnyConnect Secure Mobility Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 4.9 | AI score 5.3 | EPSS 0.28307
Exploits: 15

Check Point Advisories
• added 2020/12/20 12:00 a.m. • 0 views

Nagios Log Server Mail Settings Cross-Site Scripting

A stored cross-site scripting vulnerability exists in Nagios Log Server. The vulnerability is due to insufficient validation of user input in HTTP requests submitted to mail.php endpoint...

AI score 0.8
Exploits: 0

Check Point Advisories
• added 2020/12/20 12:00 a.m. • 16 views

Web Servers Cross-Site Scripting Attempt (CVE-2020-10820; CVE-2020-10821; CVE-2020-11930; CVE-2020-12256; CVE-2020-12259; CVE-2020-1943; CVE-2020-2096)

Remote attackers may attempt to exploit web servers vulnerable to cross-site scripting vulnerabilities. Successful exploitation could result in damaging user systems...

CVSS 4.3 | AI score 3.2 | EPSS 0.97253
Exploits: 9

Check Point Advisories
• added 2020/12/20 12:00 a.m. • 3 views

Oracle Fusion Middleware OiT Component Multiple Vulnerabilities (CVE-2016-3593)

Multiple vulnerabilities exist in the Oracle Fusion Middleware Outside In Technology component. Successful exploitation of these vulnerabilities could allow a remote attacker to damage users' systems...

CVSS 9 | AI score 5.1 | EPSS 0.0393
Exploits: 1

Check Point Advisories
• added 2020/12/20 12:00 a.m. • 1 view

SolarWinds SUPERNOVA .NET Webshell Traffic

SolarWinds SUPERNOVA .NET Webshell is a malicious application that allows remote attackers to gain access to an affected system...

AI score 6.1
Exploits: 0

Total number of security vulnerabilities: 13538