Microsoft Groove - Base64 encoded String, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Microsoft Groove published at the 'play' market has multiple vulnerabilities...

Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)

This host is missing an important security update according to Microsoft Bulletin MS13-035. OpenVAS Vulnerability Test $Id: secpodgrooveserverms13-035.nasl 5339 2017-02-18 16:28:22Z cfi $ Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability 2821818 Authors: Antu Sanadi Copyright:...

Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)

This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Groove Server Detection

Detects the installed version of Microsoft Groove Server. The script logs in via smb, searches for Microsoft Groove Server in the registry and gets the version from SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...

Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)

This host is missing a critical security update according to Microsoft Bulletin MS13-002. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft XML Core Services CVE-2013-0007 Remote Code Execution Vulnerability

Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Expression...

MS12-066: Description of the security update for Microsoft Groove Server 2010 Service Pack 1: October 9, 2012

None None...

Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)

This host is missing an important security update according to Microsoft Bulletin MS11-074. OpenVAS Vulnerability Test $Id: secpodms11-074.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities 2451858 Authors: Rachana Shetty Copyright: Copyright c...

Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability that affects the 'toStaticHTML' API. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 Standard Avaya...

Microsoft Groove Remote Code Execution Vulnerability (2494047)

This host is missing a critical security update according to Microsoft Bulletin MS11-016. OpenVAS Vulnerability Test $Id: secpodms11-016.nasl 6538 2017-07-05 11:38:27Z cfischer $ Microsoft Groove Remote Code Execution Vulnerability 2494047 Authors: Madhuri D Copyright: Copyright c 2011 SecPod,...

Microsoft Groove Remote Code Execution Vulnerability (2494047)

This host is missing a critical security update according to Microsoft Bulletin MS11-016. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Groove 2007 mso.dll Insecure Library Loading (MS11-016; CVE-2010-3146)

Microsoft Office Groove 2007 is a collaboration software program for working on a broad range of project activities, from simple document collaboration to custom solutions integrated with business processes. A remote code execution vulnerability has been reported in the way that Microsoft Groove...

MS11-016: Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)

The remote Windows host contains a version of Microsoft Groove 2007 that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user on the affected system into opening a specially crafted Groove-related file located in the same network directory as a...

Microsoft Groove Server Installed

Microsoft Groove Server is installed on the remote host. This application is used to centrally manage deployments of Microsoft Office Groove and Microsoft SharePoint Workspace. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid49977; scriptversion"1.12";...

MS10-072: Description of the security update for Microsoft Groove Server 2010: October 12, 2010

None None...

CVE-2010-3146

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse 1 mso.dll or 2 GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard .vcg or Groove Tool Archive .gta...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse 1 mso.dll or 2 GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard .vcg or Groove Tool Archive .gta...

CVE-2010-3146

CVE-2010-3146 corresponds to the Microsoft Groove 2007 insecure library loading vulnerability. Multiple OpenVAS/SecPod/SAINT entries confirm that Groove 2007 (SP2) loads untrusted libraries from the current working directory when opening .vcg or .gta files, specifically mso.dll or GroovePerfmon.d...

Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...

Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...