CVE-2012-2753
https://notcve.org/view.php?id=CVE-2012-2753
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade, Endpoint Security VPN R75, Endpoint Connect R73.x, y Remote Access Clients E75.x permite a usuarios locales conseguir privilegios a través de un caballo de Troya DLL en el directorio de trabajo actual. • http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480 •
CVE-2011-1827
https://notcve.org/view.php?id=CVE-2011-1827
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. Múltiples vulnerabilidades sin especificar en Check Point SSL Network Extender (SNX), SecureWorkSpace y Endpoint Security On-Demand, como se distribuye en SecurePlatform, IPSO6, Connectra and VSX. Permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran un (1) control ActiveX o (2) applet de Java. • http://www.securityfocus.com/bid/47695 http://www.vupen.com/english/advisories/2011/1162 https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk62410 https://www.sec-consult.com/en/advisories.html#a68 •
CVE-2011-2664
https://notcve.org/view.php?id=CVE-2011-2664
Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. Vulnerabilidad no especificada en Multi-Domain Management / Provider-1 NGX R65, R70, R71, y R75, y SmartCenter durante la instalación en máquinas no Windows, permite a usuarios locales en el sistema MDS sobrescribir archivos de su elección a través de vectores desconocidos. • http://secunia.com/advisories/45231 http://www.securityfocus.com/bid/48656 https://exchange.xforce.ibmcloud.com/vulnerabilities/68502 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63565 •
CVE-2008-7025 – ZoneAlarm 8.0.20 - HTTP Proxy Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-7025
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. TrueVector en Check Point ZoneAlarm v8.0.020.000, con vsmon.exe en ejecución, permite a proxies HTTP remotos provocar una denegación de servicio (caída) y deshabilitar el módulo HIDS mediante una respuesta manipulada. • https://www.exploit-db.com/exploits/32428 http://www.securityfocus.com/archive/1/496764/100/0/threaded http://www.securityfocus.com/bid/31431 https://exchange.xforce.ibmcloud.com/vulnerabilities/45480 •
CVE-2008-7009 – ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-7009
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en multiscan.exe en Check Point ZoneAlarm Security Suite v7.0.483.000 y v8.0.020.000 permite a usuarios locales ejecutar código de forma arbitraria a través de un fichero o directorio con una ruta larga. NOTA: Algunos de estos detalles fueron obtenidos de terceras personas. • https://www.exploit-db.com/exploits/32356 http://osvdb.org/48097 http://secunia.com/advisories/31832 http://www.securityfocus.com/archive/1/496226/100/0/threaded http://www.securityfocus.com/bid/31124 http://www.securitytracker.com/id?1020859 http://www.vupen.com/english/advisories/2008/2556 https://exchange.xforce.ibmcloud.com/vulnerabilities/45082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •