Lucene search
K
MicrosoftSharepoint Services

19 matches found

CVE
CVE
added 2012/07/10 9:0 p.m.178 views

CVE-2012-1863

CVE-2012-1863 is an XSS in Microsoft SharePoint: SharePoint Server 2007 SP2/SP3, WSS 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1 allow remote attackers to inject arbitrary scripts via crafted JavaScript in a URL due to insufficient sanitization of the List parameter. The vulnerability is add...

4.3CVSS5.4AI score0.2308EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.165 views

CVE-2013-1330

CVE-2013-1330 is described as a vulnerability in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1/SP2, and Office Web Apps 2010 where the EnableViewStateMac attribute is not enabled by default. This permits remote code execution via an unassigned...

10CVSS7.4AI score0.27411EPSS
CVE
CVE
added 2007/05/09 9:0 p.m.159 views

CVE-2007-2581

CVE-2007-2581 affects Microsoft Windows SharePoint Services 3.0 (Windows Server 2003) and Office SharePoint Server 2007. The vulnerability is a cross-site scripting (XSS) flaw caused by lack of input validation when processing URL requests (PATH_INFO) in SharePoint pages (notably default.aspx). S...

4.3CVSS5.7AI score0.36226EPSS
Web
CVE
CVE
added 2013/09/11 10:0 a.m.156 views

CVE-2013-1315

CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...

9.3CVSS7.6AI score0.28702EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.149 views

CVE-2013-0081

CVE-2013-0081 affects Microsoft SharePoint components (SharePoint Portal Server 2003 SP3; SharePoint Server 2007 SP3; 2010 SP1/SP2; 2013) and causes a denial of service by abusing unassigned workflows via a crafted URL, triggering W3WP process hang. The issue is listed among MS13-067 vulnerabilit...

5CVSS6.4AI score0.77458EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.117 views

CVE-2011-1892

CVE-2011-1892 targets SharePoint-related products (SharePoint Server/Workspace/ Groove components, Office Web Apps, Windows SharePoint Services, etc.). The flaw is an XXE-style vulnerability where Web Parts containing XML classes referencing external entities allow remote authenticated users to r...

4CVSS6.1AI score0.38332EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.98 views

CVE-2015-0085

CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...

9.3CVSS7.4AI score0.18825EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.96 views

CVE-2010-1257

CVE-2010-1257 is described as an XSS flaw in the toStaticHTML API affecting InfoPath 2003/2007, SharePoint products, and IE8. Public docs here identify IE vulnerabilities addressed by MS10-035 (Internet Explorer cumulative security update) that resolves remote code execution/related issues. The C...

4.3CVSS5.4AI score0.22159EPSS
CVE
CVE
added 2014/05/14 10:0 a.m.95 views

CVE-2014-0251

CVE-2014-0251 affects Microsoft SharePoint products including Windows SharePoint Services 3.0 SP3, SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 Gold/SP1, SharePoint Foundation 2010 SP1/SP2/2013 Gold/SP1, Project Server 2010 SP1/SP2/2013 Gold/SP1, Web Applications 2010 SP1/SP2, Office Web Apps S...

9CVSS7.2AI score0.14199EPSS
CVE
CVE
added 2010/09/17 5:46 p.m.92 views

CVE-2010-3324

CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...

4.3CVSS7.4AI score0.25016EPSS
CVE
CVE
added 2010/04/29 9:0 p.m.86 views

CVE-2010-0817

CVE-2010-0817 is a reflected XSS vulnerability in Microsoft SharePoint Server 2007 (12.0.0.6421 and earlier) and Windows SharePoint Services 3.0 SP1/SP2, exploitable via the cid0 parameter to _layouts/help.aspx. Connected sources confirm related issues: CVE-2010-1257 (toStaticHTML input sanitizat...

4.3CVSS5.6AI score0.28707EPSS
Web
CVE
CVE
added 2010/10/13 6:0 p.m.83 views

CVE-2010-3243

CVE-2010-3243 describes an HTML sanitization vulnerability (HTML Sanitization Vulnerability) causing cross-site scripting in Microsoft Internet Explorer 8 and in SharePoint components: Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2. The root cause is improper filtering ...

4.3CVSS7AI score0.1572EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.77 views

CVE-2011-1893

CVE-2011-1893 corresponds to a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint components: Office SharePoint Server 2010, Windows SharePoint Services 2.0/3.0 SP2, and SharePoint Foundation 2010. The root cause is improper handling of URI parameters, enabling remote attacke...

4.3CVSS5.1AI score0.16774EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.76 views

CVE-2012-2520

CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...

4.3CVSS5.6AI score0.28477EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.76 views

CVE-2013-3179

CVE-2013-3179 is a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint Server family (2007 SP3, 2010 SP1/SP2, 2013). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted request. Connected OpenVAS entries corroborate MS13-067 as the related se...

4.3CVSS5AI score0.14241EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.74 views

CVE-2013-3847

Microsoft Word Memory Corruption Vulnerability (CVE-2013-3847) affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. A crafted Office document coul...

9.3CVSS7.5AI score0.20971EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.73 views

CVE-2011-1891

CVE-2011-1891 is a Cross-site scripting (XSS) vulnerability in Microsoft SharePoint components: Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1. The issue arises from unfiltered input in a request to a script, allowing remote attackers to inject arbitrary web script o...

4.3CVSS5.1AI score0.16774EPSS
CVE
CVE
added 2004/01/08 5:0 a.m.67 views

CVE-2003-0904

Summary: CVE-2003-0904 affects Microsoft Exchange Server 2003 with Outlook Web Access (OWA) when NTLM is used. A flaw in HTTP connection reuse between front-end and back-end servers (NTLM-authenticated OWA) can cause a user to be connected to another user’s mailbox if Kerberos is disabled or fall...

6CVSS6.7AI score0.08162EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.58 views

CVE-2010-1264

CVE-2010-1264 is a denial-of-service vulnerability in Microsoft Windows SharePoint Services 3.0 SP1/SP2 (and related SharePoint products) exploited by sending crafted requests to the Help.aspx page, which can cause the application pool to restart and the web server to become unresponsive. The iss...

4CVSS6.5AI score0.23553EPSS