A Cross-Site Request Forgery (CSRF) vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could allow the attacker to spoof requests to the server as if from the target user.
Category Archives: Checkpoint
WordPress Ninja Forms Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Ninja Forms Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
JexBoss Security Scanner
JexBoss is a vulnerability scanning product. Remote attackers can use JexBoss to detect vulnerabilities on a target server.
Fortinet Cookie Overflow Remote Code Execution (EGREGIOUSBLUNDER)
An overflow vulnerability exists in the authentication cookie on Fortinet firewalls. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected system.
Cisco ASA Disable Password Remote Code Execution (Extrabacon; CVE-2016-6366)
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software has been reported. A remote attacker could exploit the vulnerability to remotely execute arbitrary code on the affected system.
Command Injection Over Telnet
Telnet is an internet protocol that provides access to remote computers using a virtual terminal. A remote attacker may use an open Telnet service to run arbitrary code on the victim machine.
Adobe Acrobat and Reader Security Bypass (APSB16-14: CVE-2016-1040; CVE-2016-1040)
A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Reader handles certain API functions, which could allow restrictions to be bypassed. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file.
Drupal CODER Module Remote Code Execution
A code execution vulnerability exists in Drupal CODER Module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
WECON LeviStudio Stack Buffer Overflow
The vulnerability is due to improper parsing of the XML HmiSet Type attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
Adobe Acrobat and Reader Use After Free (APSB16-26: CVE-2016-4206; CVE-2016-4206)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while handling a specially crafted PDF file that leads to out-of-bounds memory access. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.