CVE-2015-6039
https://notcve.org/view.php?id=CVE-2015-6039
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability." Vulnerabilidad de XSS en Microsoft SharePoint Server 2013 SP1 y SharePoint Foundation 2013 SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de contenido manipulado en una instancia Office Marketplace, también conocida como 'Microsoft SharePoint Security Feature Bypass Vulnerability'. • http://www.securitytracker.com/id/1033804 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-2522
https://notcve.org/view.php?id=CVE-2015-2522
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability." Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2013 SP1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un contenido manipulado, también conocida como 'Microsoft SharePoint XSS Spoofing Vulnerability.' • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securitytracker.com/id/1033489 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1700
https://notcve.org/view.php?id=CVE-2015-1700
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities." Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, y SharePoint Foundation 2013 SP1 permiten a usuarios remotos autenticados ejecutar código arbitrario a través del contenido de páginas manipulado, también conocido como 'vulnerabilidad del contenido de páginas de Microsoft SharePoint.' • http://www.securitytracker.com/id/1032296 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047 • CWE-20: Improper Input Validation •
CVE-2015-1682 – Microsoft Word ptCount Element Uninitialized Memory Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1682
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, Excel Services on SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Microsoft Office.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of embedded charts. By providing a malformed .docx file with an invalid "ptCount" node, an attacker can force uninitialized memory to be read. • http://www.securityfocus.com/bid/74481 http://www.securitytracker.com/id/1032295 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-1653
https://notcve.org/view.php?id=CVE-2015-1653
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2013 SP1 y SharePoint Server 2013 SP1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una solicitud manipulada, también conocido como 'vulnerabilidad de XSS en Microsoft SharePoint.' • http://www.securitytracker.com/id/1032111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •