Vulnerabilities > Checkpoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-06-19 | CVE-2012-2753 | Unspecified vulnerability in Checkpoint products Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. local checkpoint | 6.9 |
| 2009-08-21 | CVE-2008-7025 | Remote Denial of Service vulnerability in Checkpoint Zonealarm 8.0.020.000 TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. network checkpoint | 4.3 |
| 2009-08-19 | CVE-2008-7009 | Buffer Errors vulnerability in Checkpoint Zonealarm 7.0.483.000/8.0.020.000 Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. | 6.9 |
| 2009-01-28 | CVE-2008-5994 | Cross-Site Scripting vulnerability in Checkpoint Connectra NGX R62 Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 4.3 |
| 2009-01-06 | CVE-2008-5849 | Information Exposure vulnerability in Checkpoint Vpn-1 R55/R65 Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. | 5.0 |
| 2008-03-20 | CVE-2008-1397 | Permissions, Privileges, and Access Controls vulnerability in Checkpoint products Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | 6.5 |
| 2008-03-08 | CVE-2008-1208 | Cross-Site Scripting vulnerability in Checkpoint Vpn-1 UTM Edge W Embedded NGX 7.0.48 Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 |
| 2006-07-27 | CVE-2006-3885 | Directory Traversal vulnerability in Checkpoint Firewall-1 R55W Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. | 5.0 |
| 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |
| 2003-10-20 | CVE-2003-0757 | Unspecified vulnerability in Checkpoint Firewall-1 4.0/4.1 Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. | 5.0 |