CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1208 – Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1208
08 Mar 2008 — Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de entrada de usuarios de Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámentro useCheck Point VPN-1 UTM r (usuario). • https://www.exploit-db.com/exploits/31340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0662
https://notcve.org/view.php?id=CVE-2008-0662
08 Feb 2008 — The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. La característica Auto Local Logon en Check Point VPN-1 SecuRemote/SecureClient NGX R60 y R56 para las credenciales de caché de Windows bajo la clave de registro Checkpoint\SecuRemote, que tiene permisos Everyone/Ful... • http://digihax.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-4216 – iDEFENSE Security Advisory 2007-08-20.2
https://notcve.org/view.php?id=CVE-2007-4216
21 Aug 2007 — vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. vsdatant.sys versión 6.5.737.0 en Check Point Zone Labs ZoneAlarm versiones anteriores a 7.0.362, permite a usuarios locales alcanzar privilegios por medio de un Interrupt Request Packet (Irp) diseñado en una petición (1) I... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3489
https://notcve.org/view.php?id=CVE-2007-3489
29 Jun 2007 — Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. Vulnerabilidad de falsificación de petición en... • http://osvdb.org/37645 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2730
https://notcve.org/view.php?id=CVE-2007-2730
16 May 2007 — Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. Check Point Zonealarm Pro anterior a 6.5.737.000 no comprueba adecuadamente la equivalencia de identificadores de proceso para determinadas... • http://osvdb.org/37383 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2689
https://notcve.org/view.php?id=CVE-2007-2689
16 May 2007 — Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. CheckPoint Web Intelligence no maneja adecuadamente determinadas codificaciones de caracteres Unicode de ancho completo y medio, lo cual podría permitir a atacantes remotos evadir la detección de tráfico HTTP. • http://www.gamasec.net/english/gs07-01.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2174
https://notcve.org/view.php?id=CVE-2007-2174
24 Apr 2007 — The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. el manejo de IOCTL en srescan.sys en el ZoneAlarm Spyware Removal Engine (SRE) de Check Point ZoneAlarm anterior a 5.0.156.0 permite a usuarios locales ejecutar código de su elección a través de determinadas direcciones de parámetros lrp IOCTL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 •
CVSS: 9.1EPSS: 3%CPEs: 1EXPL: 1CVE-2007-0471
https://notcve.org/view.php?id=CVE-2007-0471
24 Jan 2007 — sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. El archivo sre/params.php en el componente Integrity Clientless Security (ICS) en Check Point Connectra NGX R62 versión 3.x y anteriores a Security Hotfix versión 5, y posiblemente VPN-1 NGX R62, per... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051920.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2006-3885
https://notcve.org/view.php?id=CVE-2006-3885
27 Jul 2006 — Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264. Vulnerabilidad de salto de directorio en Check Point Firewall-1 R55W anterior a HFA03 permite a atacantes remotos leer archivos de su elección mediante un .. (punto punto) codificado en el URL en el puerto TCP 18264. • http://secunia.com/advisories/21200 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0255
https://notcve.org/view.php?id=CVE-2006-0255
18 Jan 2006 — Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. • http://secdev.zoller.lu/research/checkpoint.txt •