Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/05/16 12:0 a.m.•0 views

Crypttech CryptoLog Remote Code Execution

A sql injection vulnerability and a command injection vulnerability exist in Crypttech CryptoLog. The vulnerability is due to insufficient input validation in the application. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code in the context o...

4.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/16 12:0 a.m.•13 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)

An information disclosure vulnerability exists in the SMBv1 component of Microsoft Windows SMB server. The vulnerability is due to improper handling of SMBv1 requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMBv1 messages to a target server...

9.3CVSS2AI score0.99373EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2017/05/15 12:0 a.m.•7 views

HPE Intelligent Management Center RMI Registry Insecure Deserialization (CVE-2017-5792)

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by RMI Registry while having vulnerable classes in the code path. A remote, unauthenticated attacker can exploit this vulnerability by...

7.5CVSS2.1AI score0.34882EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/05/15 12:0 a.m.•19 views

Mantis Bug Tracker verify.php confirm_hash Remote Password Reset (CVE-2017-7615)

A remote password reset vulnerability exists in Mantis Bug Tracker. The vulnerability is due to a lack of input validation on the confirmhash parameter when verifying password reset requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to th...

6.5CVSS1.9AI score0.90856EPSS
Exploits10
Check Point Advisories
Check Point Advisories
•added 2017/05/14 12:0 a.m.•1 views

Terror Exploit Kit URL Pattern

Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/14 12:0 a.m.•2 views

Magento Vimeo Invalid Image Cross Site Request Forgery

A cross-site request forgery vulnerability exists in Magento. The vulnerability is due to insufficient CSRF protections, that enables an attacker to upload arbitrary files including PHP files to a target server. A remote attacker can exploit this vulnerability by enticing a target authenticated...

3.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/14 12:0 a.m.•3 views

Microsoft Windows DoublePulsar SMB Remote Code Execution

A remote code execution vulnerability exist in Microsoft Server Message Block SMB. The vulnerability is due to the way SMB service handles certain requests. The Fuzzbunch tool allows attackers to execute this exploit. An attacker who successfully exploits this vulnerability can execute arbitrary...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/11 12:0 a.m.•6 views

Oracle MySQL sql_authentication Integer Overflow (CVE-2017-3599)

A vulnerability exist in Oracle MySQL. The vulnerability is due to an integer overflow in the Pluggable Authentication module of MySQL. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the vulnerable server. Successful exploitation could result in...

7.8CVSS4.9AI score0.89924EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/05/11 12:0 a.m.•2 views

Network Time Protocol Daemon peer xmit mode Denial of Service (CVE-2017-6464)

A denial of service vulnerability exists in the Network Time Protocol daemon NTPD. The vulnerability is due to a lack of input validation on the mode parameter in peerxmit when configuring ntp servers. A remote, authenticated attacker can exploit this vulnerability by sending a crafted packet to...

4CVSS4.4AI score0.05103EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/11 12:0 a.m.•16 views

Dovecot SASL Authentication Component Denial of Service (CVE-2016-8652)

A denial of service vulnerability exists in the SASL authentication component of Dovecot server. The vulnerability is due to improper handling of username when processing SASL authentication if auth-policy component has been activated. A remote attacker could exploit this vulnerability by sending...

4.3CVSS3.2AI score0.48197EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•0 views

Serviio Media Server Remote Code Execution

A code execution vulnerability exists in Serviio Media Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•4 views

Apple Safari WebKit JSString Use After Free Code Execution (CVE-2017-2491)

Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...

6.8CVSS8AI score0.08038EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•8 views

Adobe Acrobat and Reader Information Disclosure (APSB17-11: CVE-2017-3045)

An information disclosure vulnerability exists in Adobe Acrobat and Reader. The vulnerability is caused due to insufficient bounds check in JPEG 2000 parser. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

4.3CVSS6.7AI score0.04107EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3074)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•8 views

HPE Intelligent Management Center CommonUtils ZIP Directory Traversal (CVE-2017-5793)

A directory traversal vulnerability exist in HPE Intelligent Management Center. The vulnerability is due to a lack of proper input sanitization on uploaded ZIP files handled by the CommonUtils class. A remote attacker can exploit this vulnerability by sending an HTTP request containing a...

9CVSS3AI score0.04594EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•9 views

HPE Intelligent Management Center accessMgrServlet Insecure Deserialization (CVE-2017-5790)

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by the accessMgrServlet while having vulnerable classes in the code path. A remote, unauthenticated attacker can exploit this vulnerabili...

10CVSS3.1AI score0.1834EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•6 views

Microsoft Office Multiple Remote Code Execution (CVE-2017-0261)

A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...

9.3CVSS2.9AI score0.7813EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•7 views

Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)

A directory traversal vulnerability has been reported in Oracle Fusion Middleware MapViewer. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploaderServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HT...

9CVSS8.1AI score0.02005EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•4 views

Serviio Media Server Cross-Site Scripting

A cross-site scripting vulnerability exists in Serviio Media Server. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•10 views

Microsoft Office EPS Remote Code Execution (CVE-2017-0262)

A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...

9.3CVSS3.1AI score0.80734EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•22 views

Microsoft Windows COM Elevation of Privilege (CVE-2017-0214)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way Windows validate input before loading type libraries. A remote attacker can exploit this vulnerability to execute arbitrary code...

4.4CVSS6.9AI score0.03457EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•18 views

Intel AMT Framework Unauthorized Admin Entry (CVE-2017-5689)

An unauthorized admin entry vulnerability exists within Intel AMT services. The vulnerability exists because of a mishandling of admin password request. A successful attack can give remote access to the administrator account...

10CVSS4.2AI score0.92189EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•1 views

Check-Host Website Monitoring Service

Check-Host is a web service for checking the availability of hosts, DNS records, and IP addresses from different locations. It may be used to gather information on target servers as a preliminary stage before launching an attack...

2.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB17-15: CVE-2017-3071)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS3.2AI score0.0621EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•5 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0228)

A memory corruption vulnerability exists in Microsoft Browsers. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8AI score0.16992EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•8 views

Microsoft Malware Protection Engine Type Confusion Remote Code Execution (CVE-2017-0290)

A type confusion vulnerability exists in Microsoft Malware Protection Engine. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code...

9.3CVSS3.9AI score0.77207EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•10 views

Microsoft Office Remote Code Execution (CVE-2017-0243)

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.8AI score0.21469EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3073)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.0486EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3072)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•24 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3069)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•18 views

Microsoft Windows COM Elevation of Privilege (CVE-2017-0213)

An elevation of privilege exists in Windows COM Aggregate Marshaler. The vulnerability is due to improper handling of certain objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges...

1.9CVSS6.6AI score0.84138EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•2 views

Microsoft Windows DNS Server Denial of Service (CVE-2017-0171)

A denial of service vulnerability exists in Windows DNS servers. This vulnerability is due to a mishandling of malformed packets by the DNS servers. An attacker can exploit this vulnerability by sending a malformed packet to a Windows DNS server...

4.3CVSS6.4AI score0.0406EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•4 views

Microsoft Edge Memory Corruption (CVE-2017-0240)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft scripting engines handle objects in memory. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the rights of the current user...

7.6CVSS7.7AI score0.14728EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•5 views

Microsoft Edge Memory Corruption (CVE-2017-0227)

A type confusion memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8.2AI score0.13788EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3068)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted FLV file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted FLV file...

10CVSS4.5AI score0.20353EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3070)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•2 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0259)

An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the Windows kernel improperly initializing objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...

1.9CVSS5.2AI score0.09659EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•17 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0236)

A memory corruption vulnerability exists in Microsoft Edge. The Vulnerability is due to the JScript and VBScript engines improperly handling objects in memory in. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the same rights as the...

7.6CVSS7.9AI score0.31582EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•8 views

Microsoft Win32k Information Disclosure (CVE-2017-0245)

An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to the win32k component improperly providing kernel information. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system of the user...

1.9CVSS5.2AI score0.07704EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•11 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0234)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.3AI score0.38115EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•3 views

Microsoft Win32k Elevation of Privilege (CVE-2017-0246)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation...

6.9CVSS7.1AI score0.01301EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•12 views

Microsoft Win32k Information Disclosure (CVE-2017-0077)

A null pointer dereference vulnerability exists within the DDI of Windows. The vulnerability is due to the failure of Windows kernel-mode driver to properly handle objects in memory. A remote unauthenticated attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.6AI score0.01537EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•7 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0238)

A heap buffer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.8AI score0.18074EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•11 views

Microsoft Internet Explorer Security Feature Bypass (CVE-2017-0064)

A security feature bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improper implementation of the mixed content warning security feature. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected versi...

4.3CVSS6.9AI score0.05195EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•5 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0258)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...

1.9CVSS5.3AI score0.07363EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•23 views

Exponent CMS eaasController.php api Function SQL Injection (CVE-2017-7991)

A SQL injection vulnerability has been reported in Exponent CMS. The vulnerability is due to a lack of input validation on the apikey HTTP parameter by the api function. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the affected page...

7.5CVSS1.4AI score0.02109EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•5 views

Microsoft Edge Remote Code Execution (CVE-2017-0266)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way affected Microsoft scripting engines render when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS7.9AI score0.35821EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•6 views

Microsoft Edge Memory Corruption (CVE-2017-0221)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling of objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge allowing...

7.6CVSS8.2AI score0.04775EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•7 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0220)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...

1.9CVSS4.7AI score0.07464EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•7 views

Microsoft Windows Kernel Information Disclosure (CVE-2017-0175)

An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successfully exploiting this vulnerability can result in Elevation-of-Privilege...

2.1CVSS4.7AI score0.07048EPSS
Exploits1
Total number of security vulnerabilities13538