Many HTTP servers, especially on routers and other network device, have well-known default user credentials. In many cases, these default credentials are not changed by the administrator. An attacker might scan the network in order to discover such devices, and use these default credentials to log into the system and gain complete control over the server or network device.
Category Archives: Checkpoint
Checkpoint
Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2937)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
Adobe Acrobat and Reader Type Confusion (APSB17-01: CVE-2017-2962)
A type confusion vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file with an affected version of Adobe Acrobat or Adobe Reader .
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2961)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.
Adobe Flash Player Use After Free Code Execution (APSB17-02: CVE-2017-2936)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2964)
A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted JPEG file.
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2951)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.
ImageMagick SyncExifProfile Out Of Bounds Array Indexing (CVE-2016-7799)
A out-of-bounds array indexing vulnerability exists in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. Successful exploitation could result in arbitrary code execution.
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2939)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a file with malformed cross-reference table. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file.
Web Servers Malicious Upload Directory Traversal
A directory traversal vulnerability exists in web servers. The vulnerability allows unauthorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the context of SYSTEM.