CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33160 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33160
Microsoft SharePoint Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33159 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-33159
Microsoft SharePoint Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33157 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33157
Microsoft SharePoint Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33134 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33134
Microsoft SharePoint Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 24%CPEs: 3EXPL: 1CVE-2023-24955 – Microsoft SharePoint Server Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-24955
Microsoft SharePoint Server Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the GenerateProxyAssembly method. The issue results from the lack of proper validation of a user-supplied string before using it to execute C# code. An attacker can leverage this vulnerability to execute code in the context of SharePoint farm service account. Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. • https://github.com/former-farmer/CVE-2023-24955-PoC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •