Microsoft SharePoint Foundation

226 matches found

added 2019/03/06 12:00 a.m., 1645 views

CVE-2019-0604

CVE-2019-0604 affects Microsoft SharePoint and is a remote code execution vulnerability caused by improper checking of the source markup in application packages. Exploitation could run code in the SharePoint server context and farm account over the network (high severity: CVSS v3.1 = 9.8; CVSS 2....

CVSS 9.8 | AI score 9.5 | EPSS 0.99913
In wild

added 2023/02/14 7:33 p.m., 682 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

CVSS 9.8 | AI score 9.6 | EPSS 0.82302
In wild

added 2022/02/09 4:36 p.m., 593 views

CVE-2022-22005

CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...

CVSS 8.8 | AI score 8.8 | EPSS 0.17209
In wild

added 2020/07/14 10:53 p.m., 542 views

CVE-2020-1025

CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...

CVSS 9.8 | AI score 8.1 | EPSS 0.05853

added 2020/04/15 3:12 p.m., 433 views

CVE-2020-0929

CVE-2020-0929 (SharePoint RCE): A remote code execution vulnerability in Microsoft SharePoint arises when the product fails to validate the source markup of an application package. Connected sources confirm this as a SharePoint RCE (via uploading a malicious application package) and cite the sam...

CVSS 8.8 | AI score 8.3 | EPSS 0.10695

added 2020/03/12 3:48 p.m., 427 views

CVE-2020-0894

CVE-2020-0894 is a Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server caused by improper sanitization of crafted web requests. The CVE entry details an XSS flaw (distinct from CVE-2020-0893) with a NVD CVSS v3.1 base score of 5.4 (MEDIUM) and CVSS v2 base score of 3.5 (LOW). ...

CVSS 5.4 | AI score 5.1 | EPSS 0.01299

added 2020/10/16 10:18 p.m., 406 views

CVE-2020-16952

CVE-2020-16952 is a Microsoft SharePoint Remote Code Execution vulnerability where failure to validate the source markup of an application package allows an attacker to execute arbitrary code in the SharePoint app pool and server farm context. Exploitation requires uploading a specially crafted S...

CVSS 8.6 | AI score 8.7 | EPSS 0.70894
In wild, Web

added 2020/09/11 5:09 p.m., 378 views

CVE-2020-1210

CVE-2020-1210 affects Microsoft SharePoint. A remote code execution flaw arises when SharePoint fails to validate the source markup of an application package; an attacker must have a user upload a crafted SharePoint app package to an affected SharePoint version. The impact is arbitrary code execu...

CVSS 9.9 | AI score 9 | EPSS 0.0176
In wild

added 2020/06/09 7:43 p.m., 351 views

CVE-2020-1181

CVE-2020-1181 affects Microsoft SharePoint Server, where the service may execute remote code when ASP.NET web controls are not properly identified/filtered. The root cause is improper handling of unsafe ASP.NET web controls, enabling an authenticated attacker to run code in the SharePoint applica...

CVSS 8.8 | AI score 8.6 | EPSS 0.69303

added 2020/04/15 3:12 p.m., 320 views

CVE-2020-0932

CVE-2020-0932 is a remote code execution vulnerability affecting Microsoft SharePoint. The vulnerability arises when the product fails to validate the source markup of an application package, enabling an attacker to run arbitrary code in the SharePoint context. Connected documents corroborate an ...

CVSS 8.8 | AI score 8.3 | EPSS 0.31213

added 2019/03/06 12:00 a.m., 309 views

CVE-2019-0594

CVE-2019-0594 is a Microsoft SharePoint remote code execution vulnerability caused by failing to validate the source markup of an application package. The issue can allow an attacker to execute code in the context of the SharePoint server when the package is processed. The description specifies S...

CVSS 8.8 | AI score 9.5 | EPSS 0.12389
In wild

added 2019/07/15 6:56 p.m., 307 views

CVE-2019-1006

CVE-2019-1006 corresponds to an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) that allows signing SAML tokens with arbitrary symmetric keys. The connected Nessus entries reiterate this issue as part of Microsoft SharePoint serv...

CVSS 7.5 | AI score 7.8 | EPSS 0.06024

added 2017/05/12 2:00 p.m., 302 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

CVSS 9.3 | AI score 8.1 | EPSS 0.80734
In wild

added 2022/02/09 4:36 p.m., 285 views

CVE-2022-21968

Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.

CVSS 4.3 | AI score 6.1 | EPSS 0.01986

added 2022/05/10 8:34 p.m., 280 views

CVE-2022-29108

CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...

CVSS 8.8 | AI score 8.7 | EPSS 0.10872

added 2021/05/11 7:11 p.m., 273 views

CVE-2021-31181

CVE-2021-31181 – Microsoft SharePoint RCE is caused by EditingPageParser.VerifyControlOnSafeList failing to validate user input, enabling an attacker with SPBasePermissions.ManageLists to craft a SOAP payload that leaks the ViewState validation key and deserializes via LosFormatter (ysoserial.NET...

CVSS 8.8 | AI score 8.7 | EPSS 0.30045
Web

added 2020/10/16 10:18 p.m., 267 views

CVE-2020-16951

CVE-2020-16951 affects Microsoft SharePoint Server where the product fails to validate the source markup of an uploaded application package. The root cause is incorrect checking of source markup during package processing, enabling arbitrary code execution in the SharePoint application pool and fa...

CVSS 8.6 | AI score 8.7 | EPSS 0.01309
In wild, Web

added 2020/04/15 3:12 p.m., 236 views

CVE-2020-0931

CVE-2020-0931 is a remote code execution vulnerability in Microsoft SharePoint caused by the product failing to validate the source markup of an application package. The connected Nessus findings describe this as part of a set of SharePoint vulnerabilities, noting several RCEs that involve upload...

CVSS 8.8 | AI score 8.3 | EPSS 0.10695

added 2023/01/10 12:00 a.m., 226 views

CVE-2023-21742

CVE-2023-21742 affects Microsoft SharePoint Server family. A GitHub PoC for CVE-2023-21742 demonstrates an Improper Access Control path in SharePoint’s webpartpages (POST to _vti_bin/webpartpages.asmx, ConvertWebPartFormat) that leaks an attribute/property; the PoC explicitly notes it is not a fu...

CVSS 8.8 | AI score 8.8 | EPSS 0.55786

added 2021/10/13 12:28 a.m., 218 views

CVE-2021-41344

Technical details for CVE-2021-41344 are not provided in the connected documents. Public information about affected products, root cause, impact, or fix is not available here. Monitor for updates from official sources.

CVSS 8.8 | AI score 7.8 | EPSS 0.06131

added 2021/06/08 10:46 p.m., 210 views

CVE-2021-31950

CVE-2021-31950 is an on‑premises Microsoft SharePoint Server spoofing vulnerability (CWE: spoofing) with a documented SSRF/Server‑Side Request Forgery angle. Public details tie exploitation to SharePoint Server 16.0.x (example: 16.0.10372.20060) via GetXmlDataFromDataSource, enabling content spoo...

CVSS 8.1 | AI score 7.4 | EPSS 0.04563
Web

added 2022/01/11 8:22 p.m., 205 views

CVE-2022-21837

CVE-2022-21837 is a remote code execution vulnerability in Microsoft SharePoint Server (on‑prem). Connected sources confirm that exploitation could allow an attacker to run arbitrary code on the SharePoint server (e.g., potentially escalate to SharePoint admin) if the vulnerable SharePoint Server...

CVSS 9 | AI score 8.6 | EPSS 0.03023

added 2023/03/14 4:55 p.m., 200 views

CVE-2023-23395

CVE-2023-23395 relates to a spoofing vulnerability in Microsoft SharePoint Server. The connected sources confirm: (1) affected product is SharePoint Server; (2) root cause described as spoofing in SharePoint components; (3) CVSSv3.1 base score of 3.1 (LOW) with network attack vector, high complex...

CVSS 3.1 | AI score 4 | EPSS 0.00605

added 2023/04/11 7:13 p.m., 197 views

CVE-2023-28288

CVE-2023-28288 is a network-exploitable spoofing vulnerability affecting Microsoft SharePoint Server families. Public references (Exploit-DB entry) show a remote exploit against SharePoint Enterprise Server 2016, aligning with the vulnerability class described as spoofing in the CVE record. The C...

CVSS 8.1 | AI score 7.8 | EPSS 0.06233

added 2021/05/11 7:11 p.m., 196 views

CVE-2021-28474

CVE-2021-28474 maps to a Microsoft SharePoint Server remote code execution vulnerability. Public details within the provided docs are limited to high‑level descriptions (SharePoint Server RCE) and CVSS metrics; no explicit exploit vectors or affected versions are stated in Connected documents. Th...

CVSS 8.8 | AI score 8.8 | EPSS 0.50628
Web

added 2021/10/13 12:27 a.m., 189 views

CVE-2021-40487

Technical details about CVE-2021-40487 are not publicly provided in the supplied documents. Monitor for updates.

CVSS 8.8 | AI score 7.8 | EPSS 0.46339

added 2022/04/15 7:02 p.m., 182 views

CVE-2022-24472

CVE-2022-24472 is a Microsoft SharePoint Server spoofing vulnerability. Connected sources confirm affected product family (SharePoint Server variants) and indicate remediation via security updates KB5002191 (SharePoint Server Subscription Edition) and KB5002180 (SharePoint Server 2019), which add...

CVSS 8 | AI score 6.3 | EPSS 0.01827

added 2019/09/11 9:24 p.m., 181 views

CVE-2019-1262

CVE-2019-1262 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server caused by improper sanitization of certain web requests. An authenticated attacker could exploit this by sending a crafted request to an affected SharePoint server, enabling the attacker to execute scripts ...

CVSS 5.4 | AI score 5.1 | EPSS 0.02794
Web

added 2021/07/16 8:19 p.m., 180 views

CVE-2021-34467

CVE-2021-34467 affects Microsoft SharePoint Server (SharePoint Server 2019). The connected documents indicate this is a remote code execution vulnerability addressed by the security update KB5001975, which resolves both the RCE and a spoofing issue. The patch is for 64-bit SharePoint Server 2019 ...

CVSS 8.8 | AI score 7.5 | EPSS 0.05383

added 2011/09/15 10:00 a.m., 179 views

CVE-2011-0653

CVE-2011-0653 is an XSS vulnerability in Microsoft Office SharePoint Server 2010 (Gold and SP1) and SharePoint Foundation 2010. The root cause is insufficient validation of input in the shared calendar object, allowing a remote attacker to entice a user to a crafted page and inject arbitrary web ...

CVSS 4.3 | AI score 5.5 | EPSS 0.16912

added 2012/07/10 9:00 p.m., 178 views

CVE-2012-1863

CVE-2012-1863 is an XSS in Microsoft SharePoint: SharePoint Server 2007 SP2/SP3, WSS 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1 allow remote attackers to inject arbitrary scripts via crafted JavaScript in a URL due to insufficient sanitization of the List parameter. The vulnerability is add...

CVSS 4.3 | AI score 5.4 | EPSS 0.2308

added 2021/03/11 3:02 p.m., 175 views

CVE-2021-24104

CVE-2021-24104 is a spoofing vulnerability in Microsoft SharePoint Server reported across multiple SharePoint releases (2013, 2016, 2019, and related Server deployments). The connected Nessus/NVD entries corroborate that this issue is part of a set of March 2021 security updates and is addressed ...

CVSS 5.8 | AI score 4.9 | EPSS 0.01233

added 2021/07/14 5:54 p.m., 174 views

CVE-2021-34468

CVE-2021-34468 is a Microsoft SharePoint Server Remote Code Execution vulnerability. The initial data indicates an RCE weakness affecting SharePoint Server with a CVSS v3.1 base score of 8.0 (HIGH), an adjacent network attack vector, low attack complexity, no privileges required, and user interac...

CVSS 8 | AI score 7.5 | EPSS 0.01886

added 2021/07/14 5:54 p.m., 173 views

CVE-2021-34520

CVE-2021-34520 concerns a Microsoft SharePoint Server Remote Code Execution vulnerability. The related connected document KB5001975 confirms a security update for SharePoint Server 2019 (16.0.10376.20001) that addresses this vulnerability. The CVE is described with high severity in accompanying m...

CVSS 8.8 | AI score 8.1 | EPSS 0.03324

added 2020/10/16 10:18 p.m., 168 views

CVE-2020-16945

CVE-2020-16945 concerns a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where specially crafted web requests are not properly sanitized. An authenticated attacker could send such a request and, if successful, execute scripts in the security context of the current user. T...

CVSS 8.7 | AI score 7.7 | EPSS 0.01547

added 2012/07/10 9:00 p.m., 166 views

CVE-2012-1859

CVE-2012-1859 is a cross-site scripting (XSS) vulnerability in SharePoint components: scriptresx.ashx affects SharePoint Server 2010 (Gold/SP1) and Foundation 2010 (Gold/SP1), as well as Office Web Apps 2010. The issue allows remote attackers to inject arbitrary JavaScript/HTML by crafting elemen...

CVSS 4.3 | AI score 5.6 | EPSS 0.2308
Web

added 2021/06/08 10:46 p.m., 165 views

CVE-2021-26420

CVE-2021-26420 is a Microsoft SharePoint Server Remote Code Execution vulnerability. Connected documents show a Microsoft security update KB5001944 that fixes this issue for SharePoint Server 2019 (64‑bit) and replaces prior updates. The update description confirms the vulnerability involves remo...

CVSS 8.8 | AI score 7.2 | EPSS 0.02962

added 2013/09/11 10:00 a.m., 164 views

CVE-2013-1330

CVE-2013-1330 is described as a vulnerability in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1/SP2, and Office Web Apps 2010 where the EnableViewStateMac attribute is not enabled by default. This permits remote code execution via an unassigned...

CVSS 10 | AI score 7.4 | EPSS 0.27411

added 2020/12/09 11:36 p.m., 162 views

CVE-2020-17118

CVE-2020-17118 is a remote code execution vulnerability in Microsoft SharePoint Server. The connected documents confirm it affects multiple SharePoint Server versions (2010, 2013, 2016, 2019) and that systems missing security updates are affected. No explicit root-cause details are provided in th...

CVSS 10 | AI score 8.4 | EPSS 0.03564

added 2021/03/11 3:50 p.m., 160 views

CVE-2021-27076

CVE-2021-27076 is a SharePoint Server Remote Code Execution flaw rooted in InfoPath session state deserialization. The vulnerability arises when the server deserializes a crafted DocumentSessionState via the BinaryFormatter, enabling arbitrary code execution with SYSTEM privileges after deseriali...

CVSS 8.8 | AI score 8.8 | EPSS 0.14387
In wild

added 2021/06/08 10:46 p.m., 159 views

CVE-2021-31966

CVE-2021-31966 is a Microsoft SharePoint Server remote code execution vulnerability. The connected documents confirm affected product families include SharePoint Server (2013/2016/2019 on-premises) and show that patches released June 8, 2021 (KB5001922/KB5001946, and related advisories) address t...

CVSS 7.2 | AI score 7.2 | EPSS 0.04577

added 2023/01/10 12:00 a.m., 159 views

CVE-2023-21744

CVE-2023-21744 is a Microsoft SharePoint Server remote code execution vulnerability. Connected sources confirm that it affects SharePoint Server products (Foundation 2013, Server 2016/2019 and subscriptions) and that exploitation leads to arbitrary code execution with network access and no user i...

CVSS 8.8 | AI score 8.8 | EPSS 0.02845

added 2021/05/11 7:11 p.m., 157 views

CVE-2021-26418

Microsoft SharePoint Server 2019 is affected by CVE-2021-26418 (Spoofing). The vulnerability is addressed by the May 11, 2021 security update KB5001916, which resolves the spoofing issue alongside related fixes. The update fixes remote-code-execution/spoofing concerns and requires installing KB50...

CVSS 7.1 | AI score 5.2 | EPSS 0.0124

added 2021/07/14 5:54 p.m., 156 views

CVE-2021-34519

CVE-2021-34519 is a Microsoft SharePoint Server information disclosure vulnerability affecting on‑premises SharePoint Server variants. Connected documents confirm it is an information disclosure issue tied to SharePoint Server (2013/2016/Enterprise Server 2016) and reference security updates (e.g...

CVSS 5.3 | AI score 5.2 | EPSS 0.04445

added 2013/09/11 10:00 a.m., 155 views

CVE-2013-1315

CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...

CVSS 9.3 | AI score 7.6 | EPSS 0.28702

added 2020/09/11 5:09 p.m., 155 views

CVE-2020-1198

CVE-2020-1198 is a Microsoft SharePoint Server XSS vulnerability where a crafted request to an affected SharePoint server is not properly sanitized. An authenticated attacker could execute scripts in the user’s browser, access data they aren’t authorized to read, and perform actions in the user’s...

CVSS 7.4 | AI score 7.3 | EPSS 0.02665

added 2013/03/13 12:00 a.m., 154 views

CVE-2013-0084

CVE-2013-0084 affects Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1. The vulnerability arises from insufficient sanitization of user-supplied URLs, enabling a directory traversal that can bypass content-read restrictions and, per multiple advisories, may allow an attacke...

CVSS 7.5 | AI score 6.5 | EPSS 0.2135

added 2021/06/08 10:46 p.m., 153 views

CVE-2021-31963

CVE-2021-31963 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server. Connected sources confirm the issue exists and that Microsoft released fixes in June 2021 (e.g., KB5001954 for SharePoint Enterprise Server 2013 and related updates noted i...

CVSS 8.8 | AI score 7.2 | EPSS 0.02121

added 2020/03/12 3:48 p.m., 152 views

CVE-2020-0850

CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...

CVSS 8.8 | AI score 7.9 | EPSS 0.0861

added 2020/12/09 11:36 p.m., 150 views

CVE-2020-17121

No concrete technical details for CVE-2020-17121 are present in the provided connected documents; they only reference it among December 2020 SharePoint updates without specifics on affected components or root cause.

CVSS 8.8 | AI score 8.8 | EPSS 0.02938

Total number of security vulnerabilities: 226