NotCVE - vendor:"Microsoft" product:"Sharepoint Services" version:"3.0"

Page 2 of 23 results (0.011 seconds)

CVSS: 6.1EPSS: 61%CPEs: 10EXPL: 0

CVE-2012-1863

https://notcve.org/view.php?id=CVE-2012-1863

10 Jul 2012 — Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2007 SP2 y SP3 Windows SharePoint Services v3.0 SP2, y S... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 93%CPEs: 29EXPL: 3

CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2012-1889

13 Jun 2012 — Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services cont... • https://www.exploit-db.com/exploits/19186 • CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 47%CPEs: 4EXPL: 0

CVE-2011-1891

https://notcve.org/view.php?id=CVE-2011-1891

15 Sep 2011 — Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 3.0 SP2, y SharePoint Server 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comand... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.7EPSS: 56%CPEs: 20EXPL: 1

CVE-2011-1892 – SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

https://notcve.org/view.php?id=CVE-2011-1892

15 Sep 2011 — Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote a... • https://www.exploit-db.com/exploits/17873 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 47%CPEs: 5EXPL: 0

CVE-2011-1893

https://notcve.org/view.php?id=CVE-2011-1893

15 Sep 2011 — Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos we... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 39%CPEs: 17EXPL: 0

CVE-2010-3243

https://notcve.org/view.php?id=CVE-2010-3243

13 Oct 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados en la función toStaticHTML en Microsoft Internet Explorer v8, y la función SafeHTML en Microsoft Windows... • http://support.avaya.com/css/P8/documents/100113324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 44%CPEs: 6EXPL: 3

CVE-2010-3324 – Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass

https://notcve.org/view.php?id=CVE-2010-3324

17 Sep 2010 — The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. La funció... • https://www.exploit-db.com/exploits/34478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 44%CPEs: 28EXPL: 0

CVE-2010-1257

https://notcve.org/view.php?id=CVE-2010-1257

08 Jun 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Off... • http://support.avaya.com/css/P8/documents/100089747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 58%CPEs: 4EXPL: 0

CVE-2010-1264

https://notcve.org/view.php?id=CVE-2010-1264

08 Jun 2010 — Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." Vulnerabilidad no especificada en Microsoft Windows SharePoint Services 3.0 SP1 y SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue) mediante peticiones manipuladas a la página Help que caus... • http://www.securityfocus.com/bid/40559 •

CVSS: 6.1EPSS: 49%CPEs: 5EXPL: 2

CVE-2010-0817 – Microsoft SharePoint Server 2007 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-0817

29 Apr 2010 — Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo _layouts/help.aspx en SharePoint Server 2007 versión 12.0.0.6421 y posiblemente anterior, y SharePoint Services versión 3.0 SP1 y SP2 de Microsoft, permite a los atacantes r... • https://www.exploit-db.com/exploits/12450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3