42 matches found
CVE-2023-24954
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-38177
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-24950
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-31173
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-26251
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2013-3895
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
CVE-2023-33129
Microsoft SharePoint Server Denial of Service Vulnerability
CVE-2022-41122
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-33132
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2020-16953
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
CVE-2023-33142
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2020-17120
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-31965
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2020-16948
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
CVE-2021-28450
Microsoft SharePoint Denial of Service Vulnerability
CVE-2023-36890
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36894
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2020-17017
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2019-1260
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2024-49062
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16979
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-1323
An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.
CVE-2020-17015
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2020-1440
<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p><p>To exploit the vulnerability, an attacker would need to be authenticated on an aff...
CVE-2020-1103
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal...
CVE-2021-27052
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2021-24071
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2019-0670
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2020-1106
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101...
CVE-2019-1443
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The secu...
CVE-2020-1482
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
CVE-2016-7233
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or ...
CVE-2019-1330
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
CVE-2025-21393
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2019-0956
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
CVE-2018-8160
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
CVE-2013-5059
Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."
CVE-2015-6117
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulne...
CVE-2012-1862
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
CVE-2024-49064
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2015-1700
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
CVE-2025-49706
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.