CVE-2007-3489
https://notcve.org/view.php?id=CVE-2007-3489
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. • http://osvdb.org/37645 http://secunia.com/advisories/25853 http://securityreason.com/securityalert/2848 http://www.louhi.fi/advisory/checkpoint_070626.txt http://www.securityfocus.com/archive/1/472371/100/0/threaded http://www.vupen.com/english/advisories/2007/2363 https://exchange.xforce.ibmcloud.com/vulnerabilities/35103 •
CVE-2006-0255
https://notcve.org/view.php?id=CVE-2006-0255
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. • http://secdev.zoller.lu/research/checkpoint.txt http://www.securityfocus.com/archive/1/422263/100/0/threaded http://www.securityfocus.com/bid/16290 http://www.vupen.com/english/advisories/2006/0258 •
CVE-2005-4093 – Check Point VPN-1 SecureClient 4.0 < 4.1 - Policy Bypass
https://notcve.org/view.php?id=CVE-2005-4093
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. • https://www.exploit-db.com/exploits/26754 http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039634.html http://secunia.com/advisories/17837 http://secunia.com/advisories/23395 http://securitytracker.com/id?1015326 http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00798.html http://www.mail-archive.com/swinog%40lists.swinog.ch/msg00799.html http://www.securityfocus.com/bid/15757 http://www.us.debian.org/security/2006/dsa-1237 http://www.vupen.com/english& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-3673
https://notcve.org/view.php?id=CVE-2005-3673
The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://jvn.jp/niscc/NISCC-273756/index.html http://secunia.com/advisories/17621 http://secureknowledge.us.checkpoint.com/SecureKnowledge/viewSolutionDocument.do?id=sk31316 http://securitytracker.com/id?1015235 http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp http://www.kb.cert.org/vuls/id/226364 http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en http://www.securityfocus.com/bid/15479 http://www.vupen.com/english/advisories/2005/2470 •
CVE-2004-0699
https://notcve.org/view.php?id=CVE-2004-0699
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. • http://secunia.com/advisories/12177 http://securitytracker.com/alerts/2004/Jul/1010799.html http://www.checkpoint.com/techsupport/alerts/asn1.html http://www.ciac.org/ciac/bulletins/o-190.shtml http://www.kb.cert.org/vuls/id/435358 http://www.osvdb.org/displayvuln.php?osvdb_id=8290 http://www.securityfocus.com/bid/10820 http://xforce.iss.net/xforce/alerts/id/178 https://exchange.xforce.ibmcloud.com/vulnerabilities/16824 •