CVE-2018-7890

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 build 13640. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal...

Command injection

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 build 13640. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal...

Microsoft Office CVE-2017-0281 Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

MS12-043 and MS13-002: Description of the security update for XML Core Services 5.0 when it is installed together with Office SharePoint Server 2007 or Groove Server 2007: January 8, 2013

MS12-043 and MS13-002: Description of the security update for XML Core Services 5.0 when it is installed together with Office SharePoint Server 2007 or Groove Server 2007: January 8, 2013 View products that this article applies to.Microsoft has released security bulletin MS12-043 and MS13-002. To...

MS11-074: Description of the security update for Office SharePoint Server 2010 (osrchwfe): September 13, 2011

MS11-074: Description of the security update for Office SharePoint Server 2010 osrchwfe: September 13, 2011 INTRODUCTION Microsoft has released security bulletin MS11-074. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

Security Update for Microsoft Office SharePoint Server 2007 (KB2687497) 32-Bit Edition

A security vulnerability exists in Microsoft Office SharePoint Server 2007 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

Microsoft Office SharePoint Server 2007 - Remote Code Execution (MS10-104) (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Microsoft Office SharePoint Server 20...

CVE-2012-1862

CVE-2012-1862 is an open-redirect vulnerability affecting Microsoft Office SharePoint Server 2007 SP2 and SP3. The issue arises from improper handling/sanitization of user-supplied input in SharePoint’s URL processing, allowing an attacker to redirect victims to arbitrary external sites and poten...

Microsoft SharePoint CVE-2012-1862 URI Redirection Vulnerability

Description Microsoft SharePoint is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link,...

Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

CVE-2012-0144

Cross-site scripting XSS vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability...

Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)

This host is missing an important security update according to Microsoft Bulletin MS10-072. OpenVAS Vulnerability Test $Id: secpodms10-072.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities 2412048 Authors: Rachana Shetty Copyright: Copyright...

Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)

This host is missing an important security update according to Microsoft Bulletin MS10-072. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."...

Out-of-bounds

Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote...

CVE-2011-1890

CVE-2011-1890 describes a Cross-Site Scripting (XSS) vulnerability in EditForm.aspx of Microsoft SharePoint Server 2010 and SharePoint Foundation 2010. The vulnerability allows a remote attacker to inject arbitrary web script or HTML via a POST, enabling XSS in affected SharePoint pages. Connecte...

Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)

This host is missing an important security update according to Microsoft Bulletin MS11-072. OpenVAS Vulnerability Test $Id: secpodms11-072.nasl 6523 2017-07-04 15:46:12Z cfischer $ Microsoft Office Excel Remote Code Execution Vulnerabilities 2587505 Authors: Madhuri D Copyright: Copyright c 2011...

Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)

This host is missing an important security update according to Microsoft Bulletin MS11-074. OpenVAS Vulnerability Test $Id: secpodms11-074.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities 2451858 Authors: Rachana Shetty Copyright: Copyright c...

Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)

This host is missing an important security update according to Microsoft Bulletin MS11-074. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...