CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2024-30100 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30100
11 Jun 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100 • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 92%CPEs: 88EXPL: 9CVE-2020-1147 – Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1147
14 Jul 2020 — A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ... • https://packetstorm.news/files/id/163644 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 3%CPEs: 91EXPL: 1CVE-2019-1006
https://notcve.org/view.php?id=CVE-2019-1006
15 Jul 2019 — An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. Se presenta una vulnerabilidad de omisión de autenticación en Windows Communication Foundation (WCF) y Windows Identity Foundation (WIF), permitiendo la firma de tokens SAML con claves simétricas arbitrarias, también se conoce como "WCF/WIF SAML Token Authenti... • https://github.com/521526/CVE-2019-1006 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 53%CPEs: 67EXPL: 1CVE-2018-8284 – Microsoft Security Bulletin CVE Revision Increment for August, 2018
https://notcve.org/view.php?id=CVE-2018-8284
11 Jul 2018 — A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET F... • https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 48%CPEs: 13EXPL: 0CVE-2013-3847
https://notcve.org/view.php?id=CVE-2013-3847
11 Sep 2013 — Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 60%CPEs: 10EXPL: 0CVE-2013-0081
https://notcve.org/view.php?id=CVE-2013-0081
11 Sep 2013 — Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." Microsoft SharePoint Portal Server 2003 SP3 y SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013 no procesan correctamente flujos de trabajo no asignados, lo cual permite a atacantes remotos causar denegación de ser... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 67%CPEs: 22EXPL: 1CVE-2013-1315
https://notcve.org/view.php?id=CVE-2013-1315
11 Sep 2013 — Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 59%CPEs: 10EXPL: 0CVE-2013-1330
https://notcve.org/view.php?id=CVE-2013-1330
11 Sep 2013 — The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability." Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 y 2010 SP1 y SP2, y Office Web Apps 2010 no establecen el atributo EnableViewStateMac apropiadamete, lo que permite a... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 47%CPEs: 5EXPL: 0CVE-2011-1893
https://notcve.org/view.php?id=CVE-2011-1893
15 Sep 2011 — Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos we... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 8%CPEs: 3EXPL: 1CVE-2010-0716
https://notcve.org/view.php?id=CVE-2010-0716
26 Feb 2010 — _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when... • http://www.hacktics.com/content/advisories/AdvMS20100222.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •