CVE-2013-0085

Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."

CVE-2013-1289

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

CVE-2025-30382

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2025-30384

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2008-1888

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.

CVE-2009-3830

The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

CVE-2025-53771

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-49703

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.