SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE

No description provided by source. Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke 6 CVE : CVE-2011-1892 poc filename: xee.xml !DOCTYPE doc !ENTITY boom SYSTEM...

PT-2013-3072 · Microsoft · Office Web Apps +5

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server versions 2007 SP3, 2010 SP1 and SP2, and 2013 Office Web Apps 2010 Excel versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Office for Mac 2011 Excel Viewer Office Compatibility Pack SP3 Description: ...

CVE-2012-1863

CVE-2012-1863 is an XSS in Microsoft SharePoint: SharePoint Server 2007 SP2/SP3, WSS 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1 allow remote attackers to inject arbitrary scripts via crafted JavaScript in a URL due to insufficient sanitization of the List parameter. The vulnerability is add...

SharePoint 2007 / 2010 And DotNetNuke File Disclosure

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke poc filename: xee.xsl...

Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal

Seeker Research Center Security Advisory This vulnerability was discovered by Seekerr Automatic Run-Time Application Security Testing Solution Disclosed By Irene Abezgauz, September 13th, 2011 ========= I. Overview ========= An Insecure Redirect vulnerability has been identified in Microsoft...

Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal

Seeker Research Center Security Advisory This vulnerability was discovered by Seeker® Automatic Run-Time Application Security Testing Solution Disclosed By Irene Abezgauz, September 13th, 2011 ========= I. Overview ========= A Cross Site Scripting vulnerability has been identified in Microsoft...

Microsoft SharePoint 2007 Cross Site Scripting

Seeker Research Center Security Advisory This vulnerability was discovered by Seeker® Automatic Run-Time Application Security Testing Solution Disclosed By Irene Abezgauz, September 13th, 2011 ========= I. Overview ========= A Cross Site Scripting vulnerability has been identified in Microsoft...

Microsoft SharePoint 2007/2010 - &#039;Source&#039; Multiple Open Redirections

source: https://www.securityfocus.com/bid/49620/info Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. Successful exploits may redirect a user to a potentially malicious site; this may aid in...

SharePoint 2007 Team Services source code disclosure

Exploit for unknown platform in category web applications ==================================================== SharePoint 2007 Team Services source code disclosure ==================================================== ======= Summary ======= Name: SharePoint Team Services source code disclosure...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string in "every main page," as demonstrated by default.asp...