24 matches found
CVE-2017-0281
CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...
CVE-2020-0954
Technical details for CVE-2020-0954 are not publicly available in the provided documents. Monitor for updates from official sources.
CVE-2018-8284
CVE-2018-8284 is a remote code execution vulnerability in the Microsoft .NET Framework caused by improper input validation. The NVD entry lists affected runtimes across multiple versions (e.g., .NET Framework 2.0/3.0/3.5/3.5.1 and 4.x releases up to 4.7.2, including 4.6.x and 4.7.x). Microsoft MS...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2017-11876
CVE-2017-11876 affects Microsoft Project Server and SharePoint Enterprise Server 2016. The vulnerability arises from improper session handling that enables cross-site request forgery, allowing an attacker to read restricted content and impersonate the victim to perform actions (e.g., change permi...
CVE-2019-1031
Microsoft SharePoint Server has an XSS vulnerability (CVE-2019-1031) due to improper sanitization of crafted web requests. An authenticated attacker could run scripts in the user’s browser, read restricted content, and perform actions on the SharePoint site (e.g., change permissions, delete conte...
CVE-2019-1036
CVE-2019-1036 describes a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where an authenticated attacker can exploit insufficient sanitization of crafted web requests. Successful exploitation could allow the attacker to execute scripts in the user’s browser, read co...
CVE-2018-0909
Technical details for CVE-2018-0909, including affected products and remediation, are not publicly provided in the connected documents. Monitor official advisories for updates on impact and fixes.
CVE-2014-0251
CVE-2014-0251 affects Microsoft SharePoint products including Windows SharePoint Services 3.0 SP3, SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 Gold/SP1, SharePoint Foundation 2010 SP1/SP2/2013 Gold/SP1, Project Server 2010 SP1/SP2/2013 Gold/SP1, Web Applications 2010 SP1/SP2, Office Web Apps S...
CVE-2019-1033
Technical details for CVE-2019-1033 are not publicly available in the provided documents. No specifics on affected versions, root cause, or fixes are present here. Monitor for updates via the cited sources.
CVE-2017-8551
CVE-2017-8551 is a Microsoft SharePoint Server elevation-of-privilege vulnerability caused by improper sanitization of crafted web requests, enabling potential cross-site scripting and actions on behalf of a user. Affected products include SharePoint Server (and SharePoint-related components) wit...
CVE-2015-1640
CVE-2015-1640 describes a cross-site scripting (XSS) vulnerability impacting Microsoft Project Server 2010 SP2 and 2013 SP1, attributed to insufficient input filtering in SharePoint/Project Server components. The core issue is improper sanitization of crafted requests that allows an attacker to i...
CVE-2018-8254
Root cause: elevation of privilege in Microsoft SharePoint Server due to improper filtering of certain web requests. Affected products include SharePoint Server and Project Server (e.g., SharePoint Enterprise Server 2016 and SharePoint Foundation 2013 SP1 per CNVD entries). CVSS metrics indicate ...
CVE-2018-0944
Technical details for CVE-2018-0944 are not publicly available in the provided connected documents. Monitor for updates; based on current inputs, no concrete affected products, versions, exploit info, or remediation are disclosed here.
CVE-2018-0911
Technical details about CVE-2018-0911 are not publicly available in the provided documents; monitor for updates.
CVE-2018-0914
Technical details about CVE-2018-0914 are not publicly available in the provided documents. The connected EUVD entries mention malware without giving affected products, root cause, impact, or remediation for this CVE. Monitor for updates.
CVE-2018-8156
CVE-2018-8156 is a Microsoft SharePoint Server elevation-of-privilege issue. Connected sources confirm the vulnerability arises when SharePoint Server (and related Project Server variants) fails to properly filter specially crafted web requests, enabling an attacker to escalate privileges. Severa...
CVE-2018-0916
Technical details for CVE-2018-0916 are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2018-0915
Technical details for CVE-2018-0915 are not publicly available in the provided documents; no product/version specifics or remediation are disclosed here. Monitor for updates from official sources.
CVE-2018-0912
No technical details for CVE-2018-0912 are present in the provided documents. Monitor for updates as more information becomes available.
CVE-2018-0910
Technical details about CVE-2018-0910 are not publicly available in the provided documents; the connected EUVD entries refer to malware and do not specify affected products, impact, or remediation. Monitor for updates.
CVE-2018-0913
Technical details for CVE-2018-0913 are not publicly available in the provided documents; monitor for updates.
CVE-2009-0102
Summary: CVE-2009-0102 is a remote code execution vulnerability in Microsoft Office Project components. The flaw is rooted in how Project files are parsed; specifically, memory allocations are not properly validated when opening Project files, leading to memory corruption in winproj.exe and the a...
CVE-2006-6617
CVE-2006-6617 affects Microsoft Project Server 2003. The vulnerability lies in projectserver/logon/pdsrequest.asp where a GetInitializationData response can expose the UserName and Password fields, allowing remote authenticated users to obtain the MSProjectUser password for the SQL database. The ...