Sharepoint Services Security Vulnerabilities

CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Servic...

6.7 AI Score

0.005 EPSS

2004-01-20 05:00 AM

CVE-2007-2581

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default....

5.7 AI Score

0.967 EPSS

2007-05-09 09:19 PM

CVE-2010-0817

Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

5.6 AI Score

0.845 EPSS

2010-04-29 09:30 PM

CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or ...

5.4 AI Score

0.743 EPSS

2010-06-08 08:30 PM

CVE-2010-1264

Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."

6.5 AI Score

0.967 EPSS

2010-06-08 08:30 PM

CVE-2010-3243

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified ve...

7 AI Score

0.944 EPSS

2010-10-13 07:00 PM

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting ...

7.4 AI Score

0.961 EPSS

2010-09-17 06:00 PM

CVE-2011-1891

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerabilit...

5.1 AI Score

0.817 EPSS

2011-09-15 12:26 PM

CVE-2011-1892

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1...

6.1 AI Score

0.089 EPSS

2011-09-15 12:26 PM

CVE-2011-1893

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."

5.1 AI Score

0.817 EPSS

2011-09-15 12:26 PM

CVE-2012-1863

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint R...

5.4 AI Score

0.837 EPSS

2012-07-10 09:55 PM

CVE-2012-2520

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...

5.6 AI Score

0.344 EPSS

2012-10-09 09:55 PM

CVE-2013-0081

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

6.4 AI Score

0.45 EPSS

2013-09-11 02:03 PM

CVE-2013-1315

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (...

7.6 AI Score

0.815 EPSS

2013-09-11 02:03 PM

CVE-2013-1330

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC D...

7.4 AI Score

0.911 EPSS

2013-09-11 02:03 PM

CVE-2013-3179

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

5 AI Score

0.343 EPSS

2013-09-11 02:03 PM

CVE-2013-3847

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

7.5 AI Score

0.706 EPSS

2013-09-11 02:03 PM

CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gol...

7.2 AI Score

0.02 EPSS

2014-05-14 11:13 AM

CVE-2015-0085

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer,...

7.4 AI Score

0.899 EPSS

2015-03-11 10:59 AM

CVE-2018-1005

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-04-12 01:29 AM

CVE-2018-1014

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-04-12 01:29 AM

CVE-2018-1028

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

8.8 CVSS

8.3 AI Score

0.138 EPSS

2018-04-12 01:29 AM

CVE-2018-1032

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-04-12 01:29 AM

CVE-2018-1034

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-04-12 01:29 AM

CVE-2018-8149

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-05-09 07:29 PM

CVE-2018-8155

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-05-09 07:29 PM

CVE-2018-8156

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. ...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-05-09 07:29 PM

CVE-2018-8161

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from C...

7.8 CVSS

7.7 AI Score

0.293 EPSS

2018-05-09 07:29 PM

CVE-2018-8168

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-05-09 07:29 PM

CVE-2018-8252

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-06-14 12:29 PM

CVE-2018-8254

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. ...

5.4 CVSS

5.5 AI Score

0.005 EPSS

2018-06-14 12:29 PM

CVE-2018-8299

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.005 EPSS

2018-07-11 12:29 AM

CVE-2018-8300

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.

8.8 CVSS

8.3 AI Score

0.06 EPSS

2018-07-11 12:29 AM

CVE-2018-8323

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.005 EPSS

2018-07-11 12:29 AM

CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microso...

5.5 CVSS

4.9 AI Score

0.002 EPSS

2018-08-15 05:29 PM

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

5.4 CVSS

5.5 AI Score

0.002 EPSS

2018-09-13 12:29 AM

CVE-2018-8428

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.005 EPSS

2018-09-13 12:29 AM

CVE-2018-8431

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

5.6 AI Score

0.005 EPSS

2018-09-13 12:29 AM

CVE-2018-8480

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.007 EPSS

2018-10-10 01:29 PM

CVE-2018-8488

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.007 EPSS

2018-10-10 01:29 PM

CVE-2018-8498

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.007 EPSS

2018-10-10 01:29 PM

CVE-2018-8518

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from...

5.4 CVSS

5.6 AI Score

0.007 EPSS

2018-10-10 01:29 PM

CVE-2018-8568

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

6.3 AI Score

0.006 EPSS

2018-11-14 01:29 AM

CVE-2018-8572

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoin...

5.4 CVSS

6.3 AI Score

0.006 EPSS

2018-11-14 01:29 AM

CVE-2018-8578

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

4.3 CVSS

5.3 AI Score

0.002 EPSS

2018-11-14 01:29 AM

CVE-2018-8580

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microso...

4.3 CVSS

4 AI Score

0.004 EPSS

2018-12-12 12:29 AM

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

7.8 CVSS

6.1 AI Score

0.019 EPSS

2018-12-12 12:29 AM

CVE-2018-8635

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, M...

8.8 CVSS

4.9 AI Score

0.001 EPSS

2018-12-12 12:29 AM

CVE-2018-8650

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.

5.4 CVSS

4.2 AI Score

0.001 EPSS

2018-12-12 03:29 PM

CVE-2019-0556

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2019-01-08 09:29 PM

Total number of security vulnerabilities: 54