CVSS: 6.1EPSS: 40%CPEs: 5EXPL: 2CVE-2010-0817 – Microsoft SharePoint Server 2007 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0817
29 Apr 2010 — Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo _layouts/help.aspx en SharePoint Server 2007 versión 12.0.0.6421 y posiblemente anterior, y SharePoint Services versión 3.0 SP1 y SP2 de Microsoft, permite a los atacantes r... • https://www.exploit-db.com/exploits/12450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 8%CPEs: 3EXPL: 1CVE-2010-0716
https://notcve.org/view.php?id=CVE-2010-0716
26 Feb 2010 — _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when... • http://www.hacktics.com/content/advisories/AdvMS20100222.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 73%CPEs: 1EXPL: 2CVE-2009-3830 – SharePoint 2007 - Team Services Source Code Disclosure
https://notcve.org/view.php?id=CVE-2009-3830
30 Oct 2009 — The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx. La funcionalidad "descarga" en Team Services en Microsoft Office SharePoint Server 2007 v12.0.0.4518 y v12.0.0.6219 permite a atacantes remotos leer fuentes de ASP.NET a través de nombres de rutas en los parámetros SourceUrl y Source a _layouts/download.aspx. • https://www.exploit-db.com/exploits/9967 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 58%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 60%CPEs: 16EXPL: 0CVE-2008-4019 – Microsoft Office Excel REPT Formula Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4019
14 Oct 2008 — Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerabili... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 68%CPEs: 15EXPL: 0CVE-2008-3006 – Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3006
12 Aug 2008 — Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 19%CPEs: 1EXPL: 1CVE-2008-1888 – Microsoft SharePoint Server 2.0 - Picture Source HTML Injection
https://notcve.org/view.php?id=CVE-2008-1888
18 Apr 2008 — Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Picture Source (Fuente de Imagen) (también conocido como picture object source) ... • https://www.exploit-db.com/exploits/31632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 67%CPEs: 3EXPL: 1CVE-2007-2581 – Microsoft SharePoint Server 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2581
09 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. Varias vulnerabilidades de tipo cross-site scripting (XSS) en Microsoft Windows SharePoint Services versión 3.0 para Windows Server 2003 y Office SharePoint Server 2007 permiten a atacantes remotos inyectar ... • https://www.exploit-db.com/exploits/29951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •