CVSS: 7.5EPSS: 80%CPEs: 2EXPL: 0CVE-2013-0084
https://notcve.org/view.php?id=CVE-2013-0084
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability." Vulnerabilidad de salto de directorio en Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos evitar las restricciones de acceso a lectura establecidas para los contenidos y secuestrar las cuentas de usuarios a través de una URL manipulada. Aka "SharePoint Directory Traversal Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 44%CPEs: 2EXPL: 0CVE-2013-0085
https://notcve.org/view.php?id=CVE-2013-0085
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability." Desbordamiento de búder en Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos provocar una denegación de servicio (caída del proceso W3WP y agotamiento del sitio) a través de una URL manipulada, aka "Buffer Overflow Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 0CVE-2013-0080
https://notcve.org/view.php?id=CVE-2013-0080
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability." Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos evitar las restricciones de acceso establecidas para los contenidos y secuestrar las cuentas de usuario a través de una URL manipulada. Aka "Callback Function Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2013-0086
https://notcve.org/view.php?id=CVE-2013-0086
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability." Microsoft OneNote 2010 SP1 no determina adecuadamente los tamaños de buffer durante la ubicación de memoria, lo que permite a atacantes remotos obtener información sensible a través de un archivo OneNote, aka "Buffer Size Validation Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 89%CPEs: 2EXPL: 0CVE-2013-0083
https://notcve.org/view.php?id=CVE-2013-0083
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability." Vulnerabilidad XSS en Microsoft SharePoint Server 2010 SP1, permite a atacantes remotos inyectar código web o HTML de su elección a través de un contenido manipulado, conduciendo a la ejecución de comandos de administrador. Aka "SharePoint XSS Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •