This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Sharepoint Foundation
Version: 2013
Update: sp1
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2014-05-14
Last view: 2020-07-14

CPE Product: cpe:2.3:a:microsoft:sharepoint_foundation

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2020-07-14 CVE-2020-1444

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

5.4 2020-07-14 CVE-2020-1443

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

8.8 2020-07-14 CVE-2020-1439

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

9.8 2020-07-14 CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.

5.4 2020-06-09 CVE-2020-1320

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.

5.4 2020-06-09 CVE-2020-1318

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.

5.4 2020-06-09 CVE-2020-1298

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.

5.4 2020-06-09 CVE-2020-1297

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.

5.4 2020-06-09 CVE-2020-1183

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.

8.8 2020-06-09 CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

5.4 2020-06-09 CVE-2020-1177

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.

5.4 2020-05-21 CVE-2020-1107

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.

6.1 2020-05-21 CVE-2020-1106

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.

5.4 2020-05-21 CVE-2020-1104

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.

6.5 2020-05-21 CVE-2020-1103

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

5.4 2020-05-21 CVE-2020-1101

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.

5.4 2020-05-21 CVE-2020-1100

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.

8.8 2020-05-21 CVE-2020-1069

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8 2020-05-21 CVE-2020-1024

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.

8.8 2020-05-21 CVE-2020-1023

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

5.4 2020-04-15 CVE-2020-0978

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.

5.4 2020-04-15 CVE-2020-0976

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.

5.4 2020-04-15 CVE-2020-0975

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.

5.4 2020-04-15 CVE-2020-0972

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.

8.8 2020-04-15 CVE-2020-0971

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.

CWE : Common Weakness Enumeration

% id Name
52% (47) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
15% (14) CWE-20 Improper Input Validation
8% (8) CWE-434 Unrestricted Upload of File with Dangerous Type
5% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (4) CWE-200 Information Exposure
3% (3) CWE-269 Improper Privilege Management
2% (2) CWE-352 Cross-Site Request Forgery (CSRF)
2% (2) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-502 Deserialization of Untrusted Data
1% (1) CWE-254 Security Features
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

SAINT Exploits

Description
Microsoft SharePoint Picker.aspx deserialization vulnerability

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0214 Multiple Vulnerabilities in Microsoft Office (MS15-099)
Severity: Category II - VMSKEY: V0061389
2015-A-0103 Multiple Vulnerabilities in Microsoft Office Products (MS15-046)
Severity: Category II - VMSKEY: V0060643
2015-A-0087 Multiple Vulnerabilities in Microsoft Office SharePoint Server (MS15-036)
Severity: Category II - VMSKEY: V0059889
2015-A-0052 Multiple Vulnerabilities in Microsoft Office (MS15-022)
Severity: Category II - VMSKEY: V0058999
2014-A-0125 Microsoft Sharepoint Server Elevation of Privilege Vulnerability
Severity: Category II - VMSKEY: V0053799
2014-A-0074 Multiple Vulnerabilities in Microsoft Office SharePoint Server
Severity: Category II - VMSKEY: V0050449

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 script tag in URI - likely cross-site scripting attempt
RuleID : 7070 - Type : POLICY-OTHER - Revision : 22
2020-06-10 Microsoft SharePoint TypeConverter remote code execution attempt
RuleID : 53866 - Type : SERVER-WEBAPP - Revision : 1
2020-03-24 Microsoft SharePoint file upload information disclosure attempt
RuleID : 53206 - Type : SERVER-WEBAPP - Revision : 1
2019-11-26 Microsoft Sharepoint DestinationFolder cross site scripting attempt
RuleID : 51981 - Type : SERVER-WEBAPP - Revision : 1
2019-10-10 Microsoft SharePoint remote code execution attempt
RuleID : 51480 - Type : FILE-OTHER - Revision : 1
2019-10-10 Microsoft SharePoint remote code execution attempt
RuleID : 51479 - Type : FILE-OTHER - Revision : 1
2019-10-10 Microsoft SharePoint deserialization attempt
RuleID : 51475 - Type : FILE-OTHER - Revision : 2
2019-10-10 Microsoft SharePoint deserialization attempt
RuleID : 51474 - Type : FILE-OTHER - Revision : 1
2019-10-08 Microsoft SharePoint BdcAdminService remote code execution attempt
RuleID : 51438 - Type : SERVER-WEBAPP - Revision : 1
2019-08-29 Win.Backdoor.Agent webshell inbound request attempt
RuleID : 51368-community - Type : MALWARE-BACKDOOR - Revision : 2
2019-10-01 Win.Backdoor.Agent webshell inbound request attempt
RuleID : 51368 - Type : MALWARE-BACKDOOR - Revision : 2
2019-12-19 Win.Backdoor.Chopper webshell inbound request attempt
RuleID : 50277-community - Type : MALWARE-BACKDOOR - Revision : 3
2019-07-02 Win.Backdoor.Chopper webshell inbound request attempt
RuleID : 50277 - Type : MALWARE-BACKDOOR - Revision : 3
2019-12-19 Win.Backdoor.Chopper webshell inbound request attempt
RuleID : 50276-community - Type : MALWARE-BACKDOOR - Revision : 3
2019-07-02 Win.Backdoor.Chopper webshell inbound request attempt
RuleID : 50276 - Type : MALWARE-BACKDOOR - Revision : 3
2019-07-02 Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt
RuleID : 50275 - Type : SERVER-WEBAPP - Revision : 1
2019-05-21 Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt
RuleID : 49861 - Type : SERVER-WEBAPP - Revision : 3
2016-10-13 Microsoft PowerPoint bogus JPEG marker length heap buffer overflow
RuleID : 40143 - Type : FILE-OFFICE - Revision : 2
2016-10-13 Microsoft PowerPoint bogus JPEG marker length heap buffer overflow
RuleID : 40142 - Type : FILE-OFFICE - Revision : 2
2015-06-17 Microsoft Office Word incorrect ptCount element denial of service attempt
RuleID : 34429 - Type : FILE-OFFICE - Revision : 3
2015-06-17 Microsoft Office Word incorrect ptCount element denial of service attempt
RuleID : 34428 - Type : FILE-OFFICE - Revision : 3
2015-04-14 Microsoft Sharepoint user display name XSS attempt
RuleID : 33809 - Type : SERVER-OTHER - Revision : 3
2015-04-14 Microsoft Sharepoint Server Newsfeed XSS attempt
RuleID : 33808 - Type : SERVER-OTHER - Revision : 3
2015-04-10 Microsoft Office Word incorrect schema property remote code execution attempt
RuleID : 33716 - Type : FILE-OFFICE - Revision : 2
2015-04-10 Microsoft Office Word incorrect schema property remote code execution attempt
RuleID : 33715 - Type : FILE-OFFICE - Revision : 2

Nessus® Vulnerability Scanner

Date Description
2017-09-12 Name: The Microsoft Sharepoint Server installation on the remote host is affected b...
File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_may_office.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-099.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms15-046_office_2011.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-046.nasl - Type: ACT_GATHER_INFO
2015-04-14 Name: The remote Windows host is affected by multiple cross-site scripting vulnerab...
File: smb_nt_ms15-036.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-022.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The remote host is affected by an elevation of privilege vulnerability.
File: smb_nt_ms14-050.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO