CVSS: 6.8EPSS: 11%CPEs: 2EXPL: 0CVE-2012-1862
https://notcve.org/view.php?id=CVE-2012-1862
10 Jul 2012 — Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." Vulnerabilidad de redirección en Microsoft Office SharePoint Server 2007 SP2 y SP3 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante una URL manipulada, también conocido como "SharePoint URL Redirect... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 61%CPEs: 10EXPL: 0CVE-2012-1863
https://notcve.org/view.php?id=CVE-2012-1863
10 Jul 2012 — Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2007 SP2 y SP3 Windows SharePoint Services v3.0 SP2, y S... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 93%CPEs: 29EXPL: 3CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
13 Jun 2012 — Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services cont... • https://www.exploit-db.com/exploits/19186 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 59%CPEs: 23EXPL: 0CVE-2011-1989 – Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2011-1989
15 Sep 2011 — Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated wit... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 58%CPEs: 6EXPL: 0CVE-2011-1990 – Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1990
15 Sep 2011 — Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." Microsoft Excel 2007 Service Pack 2; Excel en Office 2007 SP2, Excel Viewer SP2, Paquete de compatibi... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.7EPSS: 57%CPEs: 20EXPL: 1CVE-2011-1892 – SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
https://notcve.org/view.php?id=CVE-2011-1892
15 Sep 2011 — Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote a... • https://www.exploit-db.com/exploits/17873 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 90%CPEs: 2EXPL: 1CVE-2010-3964 – Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3964
14 Dec 2010 — Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." Vulnerabilidad de subida de archivos sin restricciones en el Document Conversions Launcher Service en Microsoft Office SharePoint Server 2007 SP2, cuando Document Conv... • https://www.exploit-db.com/exploits/20122 •
CVSS: 4.3EPSS: 39%CPEs: 17EXPL: 0CVE-2010-3243
https://notcve.org/view.php?id=CVE-2010-3243
13 Oct 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados en la función toStaticHTML en Microsoft Internet Explorer v8, y la función SafeHTML en Microsoft Windows... • http://support.avaya.com/css/P8/documents/100113324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 44%CPEs: 6EXPL: 3CVE-2010-3324 – Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
https://notcve.org/view.php?id=CVE-2010-3324
17 Sep 2010 — The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. La funció... • https://www.exploit-db.com/exploits/34478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 44%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
08 Jun 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Off... • http://support.avaya.com/css/P8/documents/100089747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •