
13538 matches found

Check Point Advisories

Added 2020/06/25 12:00 a.m. | 0 views

WordPress 10Web Photo Gallery Plugin SQL Injection

An SQL injection vulnerability exists in 10Web Photo Gallery Plugin for WordPress. The vulnerability is due to insufficient sanitization of user input...

AI score: 2.9 | Exploits: 0

Added 2020/06/25 12:00 a.m. | 0 views

Redis Authentication Bypass Remote Command Execution

An authentication bypass vulnerability exists in Redis. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

AI score: 7.7 | Exploits: 0

Added 2020/06/25 12:00 a.m. | 0 views

Redaxo CMS Addon MyEvents SQL Injection

An SQL injection vulnerability exists in Redaxo. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

AI score: 5.4 | Exploits: 0

Added 2020/06/25 12:00 a.m. | 5 views

TP-Link Cloud Cameras Stack Overflow (CVE-2020-13224)

A buffer overflow vulnerability exists in TP-Link cloud cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS: 9 | AI score: 5.1 | EPSS: 0.02183 | Exploits: 6

Added 2020/06/25 12:00 a.m. | 6 views

OpenEMR fax_dispatch.php Command Injection (CVE-2018-1000019)

A command injection vulnerability exists in OpenEMR 5.0.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS: 9 | AI score: 5.7 | EPSS: 0.03827 | Exploits: 1

Added 2020/06/25 12:00 a.m. | 4 views

Trendmicro Email Encryption Gateway SQL Injection (CVE-2018-6230)

An SQL injection vulnerability exists in Trend Micro Email Encryption Gateway 5.5. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS: 8.3 | AI score: 5.4 | EPSS: 0.03466 | Exploits: 5

Added 2020/06/25 12:00 a.m. | 3 views

PHP-Proxy Information Disclosure (CVE-2018-19246)

An information disclosure vulnerability exists in PHP Proxy 5.1.0. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

CVSS: 5 | AI score: 2.2 | EPSS: 0.21951 | Exploits: 5

Added 2020/06/25 12:00 a.m. | 2 views

Mosca Project Denial of Service (CVE-2018-11615)

A denial-of-service vulnerability exists in Mosca 2.8.1. Successful exploitation of this vulnerability would allow a remote attacker to create a denial-of-service condition on the affected system...

CVSS: 7.8 | AI score: 4.6 | EPSS: 0.03346 | Exploits: 0

Added 2020/06/25 12:00 a.m. | 3 views

Oracle Hospitality Simphony Remote Code Execution (CVE-2018-2636)

A vulnerability exists in Oracle Hospitality Simphony. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 6.8 | AI score: 4.8 | EPSS: 0.13725 | Exploits: 5

Added 2020/06/23 12:00 a.m. | 6 views

Kibana Elasticsearch Server Side Request Forgery (CVE-2019-7616)

A server side request forgery vulnerability exists in Kibana Elasticsearch. Successful exploitation of this vulnerability could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system...

CVSS: 4 | AI score: 2.2 | EPSS: 0.02138 | Exploits: 1

Added 2020/06/21 12:00 a.m. | 3 views

QuickBox Remote Code Execution (CVE-2020-13448)

A remote code execution vulnerability exists in QuickBox media server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 9 | AI score: 6.4 | EPSS: 0.17772 | Exploits: 7

Added 2020/06/21 12:00 a.m. | 4 views

iXsystems FreeNAS Denial of Service (CVE-2020-11650)

A denial of service vulnerability exists in iXsystems FreeNAS. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition on an affected system...

CVSS: 5 | AI score: 4 | EPSS: 0.02952 | Exploits: 0

Added 2020/06/21 12:00 a.m. | 9 views

Tenda Buffer Overflow (CVE-2020-13389; CVE-2020-13390; CVE-2020-13391; CVE-2020-13392; CVE-2020-13393)

A buffer overflow vulnerability exists in Tenda. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.03292 | Exploits: 5

Added 2020/06/21 12:00 a.m. | 20 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript __proto__ property exposes an object's internal prototype to attack. A remote attacker can exploit this vulnerability by modifying a property of the exposed prototype. Successful exploitation of this vulnerability could result in arbitrary code execution on the victim machine...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.05213 | Exploits: 13

Added 2020/06/20 12:00 a.m. | 2 views

Zoho ManageEngine Directory Traversal (CVE-2020-13818)

A directory traversal vulnerability exists in ManageEngine OpManager. This vulnerability is due to improper validation of user input in the request URI...

CVSS: 5 | AI score: 3.6 | EPSS: 0.37033 | Exploits: 0

Added 2020/06/20 12:00 a.m. | 0 views

Netgear R7000 Router Remote Code Execution

A remote code execution vulnerability exists in Netgear R7000 router. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected system...

AI score: 7.8 | Exploits: 0

Added 2020/06/20 12:00 a.m. | 9 views

Pandora FMS Remote Code Execution (CVE-2020-13851; CVE-2020-13852; CVE-2020-13855)

A remote code execution vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 9 | AI score: 5.6 | EPSS: 0.91095 | Exploits: 6

Added 2020/06/20 12:00 a.m. | 3 views

Pandora FMS Persistent Cross-Site Scripting (CVE-2020-13853)

A persistent cross site scripting vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.01044 | Exploits: 1

Added 2020/06/20 12:00 a.m. | 13 views

IBM Tivoli Key Lifecycle Manager Cross-Site Request Forgery (CVE-2017-1672)

A vulnerability exists in IBM Security Key Lifecycle Manager. Successful exploitation of this vulnerability could allow a remote attacker to damage a user's system...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.00556 | Exploits: 0

Added 2020/06/20 12:00 a.m. | 7 views

Zoho ManageEngine Directory Traversal (CVE-2020-12116)

A directory traversal vulnerability exists in ManageEngine OpManager. This vulnerability is due to improper validation of user input in the request URI...

CVSS: 5 | AI score: 3.6 | EPSS: 0.97418 | Exploits: 1

Added 2020/06/20 12:00 a.m. | 5 views

Cacti Cross-Site Scripting (CVE-2020-13231)

A cross site scripting vulnerability exists in Cacti. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00848 | Exploits: 1

Added 2020/06/17 12:00 a.m. | 1 view

Advantech WebAccess SCADA Arbitrary File Deletion

An arbitrary file deletion vulnerability exists in Advantech WebAccess. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations within BwPSLink.exe...

AI score: 2.2 | Exploits: 0

Added 2020/06/17 12:00 a.m. | 2 views

PHP-Fusion Administration banners.php Cross-Site Scripting (CVE-2020-12438)

A stored cross-site scripting vulnerability exists in PHP-Fusion Banner feature. The vulnerability is due to improper validation of user input in HTTP requests...

CVSS: 3.5 | AI score: 0.8 | EPSS: 0.00582 | Exploits: 1

Added 2020/06/17 12:00 a.m. | 5 views

Centreon RRDdatabase_status_path Command Injection (CVE-2020-13252; CVE-2020-22345)

A command injection vulnerability exists in the Centreon Web Application. The vulnerability is due to improper validation of the RRDdatabase_status_path parameter in an HTTP request...

CVSS: 9 | AI score: 1.4 | EPSS: 0.05415 | Exploits: 2

Added 2020/06/17 12:00 a.m. | 2 views

Dovecot Null Pointer Dereference (CVE-2020-10957)

A null pointer dereference vulnerability exists in Dovecot. Successful exploitation results in a denial-of-service condition on the affected service...

CVSS: 5 | AI score: 3.4 | EPSS: 0.07167 | Exploits: 3

Added 2020/06/17 12:00 a.m. | 3 views

Dovecot Denial of Service (CVE-2020-10967)

A denial-of-service vulnerability exists in Dovecot. Successful exploitation of this vulnerability could cause a denial-of-service condition...

CVSS: 5 | AI score: 3.7 | EPSS: 0.08153 | Exploits: 3

Added 2020/06/16 12:00 a.m. | 8 views

Pi-Hole DHCP Command Injection (CVE-2020-8816)

A command injection vulnerability exists in Pi-hole. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.77847 | Exploits: 13

Added 2020/06/16 12:00 a.m. | 2 views

Project Pier Remote File Inclusion (CVE-2018-10759)

A command execution vulnerability exists in projectpier project projectpier x=0.8.8. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.01862 | Exploits: 2

Added 2020/06/16 12:00 a.m. | 0 views

Joomla J2Store SQL Injection

An SQL injection vulnerability exists in Joomla J2Store. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

AI score: 5.3 | Exploits: 0

Added 2020/06/16 12:00 a.m. | 3 views

Microsoft Windows Kernel Elevation of Privilege (CVE-2020-0986)

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create ne...

CVSS: 7.2 | AI score: 3.1 | EPSS: 0.15932 | Exploits: 0

Added 2020/06/16 12:00 a.m. | 8 views

Symphony CMS Cross-Site Scripting (CVE-2015-8376)

A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00948 | Exploits: 1

Added 2020/06/16 12:00 a.m. | 5 views

GitStack Authentication Bypass (CVE-2018-5955)

A vulnerability exists in smart-mobile-software GitStack. Successful exploitation of this vulnerability could allow a remote attacker to damage a user's system...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.81281 | Exploits: 9

Added 2020/06/16 12:00 a.m. | 19 views

ISC Bind Denial Of Service (CVE-2020-8617)

A denial-of-service vulnerability exists in ISC Bind. Successful exploitation of this vulnerability could cause a denial-of-service condition...

CVSS: 4.3 | AI score: 3.5 | EPSS: 0.93422 | Exploits: 5

Added 2020/06/16 12:00 a.m. | 5 views

Symphony CMS SQL Injection (CVE-2013-2559)

An SQL injection vulnerability exists in the Symphony CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.02355 | Exploits: 3

Added 2020/06/16 12:00 a.m. | 4 views

Schneider Electric U.motion Builder Information Disclosure (CVE-2018-7787)

A vulnerability exists in Schneider Electric U.motion Builder 1.3.4. Successful exploitation of this vulnerability could allow a remote attacker to damage a user's system...

CVSS: 5 | AI score: 4.4 | EPSS: 0.01102 | Exploits: 0

Added 2020/06/16 12:00 a.m. | 3 views

Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)

A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...

CVSS: 5 | AI score: 3.6 | EPSS: 0.04404 | Exploits: 2

Added 2020/06/15 12:00 a.m. | 3 views

Symphony CMS SQL Injection (CVE-2010-3458)

An SQL injection vulnerability exists in the Symphony CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.01023 | Exploits: 1

Added 2020/06/15 12:00 a.m. | 2 views

Canon Oce Colorwave Printer Cross Site Scripting (CVE-2020-10667)

A cross-site scripting vulnerability exists in Canon Oce Colorwave printer. Successful exploitation of this vulnerability could allow a remote attacker to inject an arbitrary web script into the affected system...

CVSS: 4.3 | AI score: 3.9 | EPSS: 0.01714 | Exploits: 2

Added 2020/06/15 12:00 a.m. | 2 views

Symphony CMS Cross-Site Scripting (CVE-2010-3457)

A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01528 | Exploits: 1

Added 2020/06/15 12:00 a.m. | 5 views

Symphony CMS Cross-Site Scripting (CVE-2015-8766)

A cross site scripting vulnerability exists in Symphony CMS. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01767 | Exploits: 1

Added 2020/06/11 12:00 a.m. | 8 views

Wordpress BBPress Plugin Privilege Escalation (CVE-2020-13693)

A Privilege Escalation vulnerability exists in Wordpress BBPress Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.43879 | Exploits: 7

Added 2020/06/10 12:00 a.m. | 9 views

WordPress Drag And Drop Plugin Remote Code Execution (CVE-2020-12800)

A remote code execution vulnerability exists in WordPress Drag And Drop plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.78751 | Exploits: 7

Added 2020/06/10 12:00 a.m. | 3 views

Zoom Client Arbitrary File Write (CVE-2020-6109)

An arbitrary file write vulnerability exists in Zoom Client. Successful exploitation of this vulnerability could result in code execution on the affected system...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.04914 | Exploits: 1

Added 2020/06/10 12:00 a.m. | 8 views

NOKIA VitalSuite SPM SQL Injection (CVE-2021-41487)

An SQL injection vulnerability exists in the NOKIA VitalSuite SPM. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01639 | Exploits: 1

Added 2020/06/09 12:00 a.m. | 4 views

Microsoft Windows SMBv3 Client/Server Information Disclosure (CVE-2020-1206)

An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

CVSS: 5 | AI score: 1.9 | EPSS: 0.0954 | Exploits: 8

Added 2020/06/09 12:00 a.m. | 2 views

Microsoft VBScript Remote Code Execution (CVE-2020-1215)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.6 | AI score: 8.5 | EPSS: 0.08022 | Exploits: 1

Added 2020/06/09 12:00 a.m. | 2 views

Microsoft Win32k Elevation of Privilege (CVE-2020-1247)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00856 | Exploits: 0

Added 2020/06/09 12:00 a.m. | 3 views

Microsoft Win32k Elevation of Privilege (CVE-2020-1253)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00899 | Exploits: 0

Added 2020/06/09 12:00 a.m. | 4 views

Microsoft Win32k Elevation of Privilege (CVE-2020-1251)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00854 | Exploits: 0

Added 2020/06/09 12:00 a.m. | 4 views

Microsoft Windows SMBv1 Driver Integer Overflow Denial Of Service (CVE-2020-1301)

An integer overflow vulnerability exists in Microsoft. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.36708 | Exploits: 1

Total number of security vulnerabilities: 13538