CVSS: 4.0 • EPSS: 8% • CPEs: 20 • EXPL: 1

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability.

• https://www.exploit-db.com/exploits/17873
• http://securityreason.com/securityalert/8386
• http://www.us-cert.gov/cas/techalerts/TA11-256A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 97% • CPEs: 2 • EXPL: 1

Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server.

• https://www.exploit-db.com/exploits/20122
• http://osvdb.org/69817
• http://secunia.com/advisories/42631
• http://www.securityfocus.com/bid/45264
• http://www.securitytracker.com/id?1024886
• http://www.us-cert.gov/cas/techalerts/TA10-348A.html
• http://www.vupen.com/english/advisories/2010/3226
• http://www.zerodayinitiative.com/advisories/ZDI-10-287
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104
• https://oval.cisecurity.org/repository/search/definition/ova

CVSS: 4.3 • EPSS: 91% • CPEs: 17 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

• http://support.avaya.com/css/P8/documents/100113324
• http://www.us-cert.gov/cas/techalerts/TA10-285A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7637
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 94% • CPEs: 6 • EXPL: 3

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.

• https://www.exploit-db.com/exploits/34478
• http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html
• http://support.avaya.com/css/P8/documents/100113324
• http://www.us-cert.gov/cas/techalerts/TA10-285A.html
• http://www.wooyun.org/bug.php?action=view&id=189
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072
• https://oval.cisecurity.org/repository/search/definition/
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 71% • CPEs: 28 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

• http://support.avaya.com/css/P8/documents/100089747
• http://www.securityfocus.com/bid/40409
• http://www.us-cert.gov/cas/techalerts/TA10-159B.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
• https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')