19 matches found
CVE-2012-1863
CVE-2012-1863 is an XSS in Microsoft SharePoint: SharePoint Server 2007 SP2/SP3, WSS 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1 allow remote attackers to inject arbitrary scripts via crafted JavaScript in a URL due to insufficient sanitization of the List parameter. The vulnerability is add...
CVE-2013-1330
CVE-2013-1330 is described as a vulnerability in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1/SP2, and Office Web Apps 2010 where the EnableViewStateMac attribute is not enabled by default. This permits remote code execution via an unassigned...
CVE-2007-2581
CVE-2007-2581 affects Microsoft Windows SharePoint Services 3.0 (Windows Server 2003) and Office SharePoint Server 2007. The vulnerability is a cross-site scripting (XSS) flaw caused by lack of input validation when processing URL requests (PATH_INFO) in SharePoint pages (notably default.aspx). S...
CVE-2013-1315
CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...
CVE-2013-0081
CVE-2013-0081 affects Microsoft SharePoint components (SharePoint Portal Server 2003 SP3; SharePoint Server 2007 SP3; 2010 SP1/SP2; 2013) and causes a denial of service by abusing unassigned workflows via a crafted URL, triggering W3WP process hang. The issue is listed among MS13-067 vulnerabilit...
CVE-2011-1892
CVE-2011-1892 targets SharePoint-related products (SharePoint Server/Workspace/ Groove components, Office Web Apps, Windows SharePoint Services, etc.). The flaw is an XXE-style vulnerability where Web Parts containing XML classes referencing external entities allow remote authenticated users to r...
CVE-2015-0085
CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...
CVE-2010-1257
CVE-2010-1257 is described as an XSS flaw in the toStaticHTML API affecting InfoPath 2003/2007, SharePoint products, and IE8. Public docs here identify IE vulnerabilities addressed by MS10-035 (Internet Explorer cumulative security update) that resolves remote code execution/related issues. The C...
CVE-2014-0251
CVE-2014-0251 affects Microsoft SharePoint products including Windows SharePoint Services 3.0 SP3, SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 Gold/SP1, SharePoint Foundation 2010 SP1/SP2/2013 Gold/SP1, Project Server 2010 SP1/SP2/2013 Gold/SP1, Web Applications 2010 SP1/SP2, Office Web Apps S...
CVE-2010-3324
CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...
CVE-2010-0817
CVE-2010-0817 is a reflected XSS vulnerability in Microsoft SharePoint Server 2007 (12.0.0.6421 and earlier) and Windows SharePoint Services 3.0 SP1/SP2, exploitable via the cid0 parameter to _layouts/help.aspx. Connected sources confirm related issues: CVE-2010-1257 (toStaticHTML input sanitizat...
CVE-2010-3243
CVE-2010-3243 describes an HTML sanitization vulnerability (HTML Sanitization Vulnerability) causing cross-site scripting in Microsoft Internet Explorer 8 and in SharePoint components: Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2. The root cause is improper filtering ...
CVE-2011-1893
CVE-2011-1893 corresponds to a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint components: Office SharePoint Server 2010, Windows SharePoint Services 2.0/3.0 SP2, and SharePoint Foundation 2010. The root cause is improper handling of URI parameters, enabling remote attacke...
CVE-2012-2520
CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...
CVE-2013-3179
CVE-2013-3179 is a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint Server family (2007 SP3, 2010 SP1/SP2, 2013). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted request. Connected OpenVAS entries corroborate MS13-067 as the related se...
CVE-2013-3847
Microsoft Word Memory Corruption Vulnerability (CVE-2013-3847) affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. A crafted Office document coul...
CVE-2011-1891
CVE-2011-1891 is a Cross-site scripting (XSS) vulnerability in Microsoft SharePoint components: Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold/SP1. The issue arises from unfiltered input in a request to a script, allowing remote attackers to inject arbitrary web script o...
CVE-2003-0904
Summary: CVE-2003-0904 affects Microsoft Exchange Server 2003 with Outlook Web Access (OWA) when NTLM is used. A flaw in HTTP connection reuse between front-end and back-end servers (NTLM-authenticated OWA) can cause a user to be connected to another user’s mailbox if Kerberos is disabled or fall...
CVE-2010-1264
CVE-2010-1264 is a denial-of-service vulnerability in Microsoft Windows SharePoint Services 3.0 SP1/SP2 (and related SharePoint products) exploited by sending crafted requests to the Help.aspx page, which can cause the application pool to restart and the web server to become unresponsive. The iss...