Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2006-12-18 |
Product | Project Server | Last view | 2020-04-15 |
Version | 2010 | Type | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.4 | 2020-04-15 | CVE-2020-0954 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978. |
5.4 | 2019-06-12 | CVE-2019-1036 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033. |
5.4 | 2019-06-12 | CVE-2019-1033 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036. |
5.4 | 2019-06-12 | CVE-2019-1031 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036. |
5.4 | 2018-06-14 | CVE-2018-8254 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. |
5.4 | 2018-05-09 | CVE-2018-8156 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. |
8.8 | 2018-03-14 | CVE-2018-0944 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0916 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0915 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0914 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0913 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0912 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0911 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0910 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2018-03-14 | CVE-2018-0909 | Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. |
8.8 | 2017-11-14 | CVE-2017-11876 | Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". |
6.1 | 2017-06-14 | CVE-2017-8551 | An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". |
7.8 | 2017-05-12 | CVE-2017-0281 | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262. |
9.3 | 2015-11-11 | CVE-2015-2503 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability." |
4.3 | 2015-04-14 | CVE-2015-1640 | Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." |
9 | 2014-05-14 | CVE-2014-0251 | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability." |
9.3 | 2009-12-09 | CVE-2009-0102 | Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." |
6.5 | 2006-12-18 | CVE-2006-6617 | projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
80% (17) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
4% (1) | CWE-399 | Resource Management Errors |
4% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
4% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
4% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:6298 | Project Memory Validation Vulnerability |
oval:org.mitre.oval:def:24567 | SharePoint Page Content Vulnerabilities (CVE-2014-0251) - MS14-022 |
oval:org.mitre.oval:def:28565 | Microsoft SharePoint XSS vulnerability – CVE-2015-1640 (MS15-036) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60830 | Microsoft Office Project File Handling Memory Validation Arbitrary Code Execu... |
31896 | Microsoft Project Server pdsrequest.asp GetInitializationData Request SQL Dat... |
OpenVAS Exploits
id | Description |
---|---|
2009-12-14 | Name : Microsoft Office Project Remote Code Execution Vulnerability (967183) File : nvt/secpod_ms09-074.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0087 | Multiple Vulnerabilities in Microsoft Office SharePoint Server (MS15-036) Severity: Category II - VMSKEY: V0059889 |
2014-A-0074 | Multiple Vulnerabilities in Microsoft Office SharePoint Server Severity: Category II - VMSKEY: V0050449 |
2009-A-0129 | Microsoft Windows Office Project Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0022099 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50823 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50822 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50821 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50820 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50819 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50818 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50817 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50816 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50815 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50814 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50813 - Type : FILE-OFFICE - Revision : 1 |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50812 - Type : FILE-OFFICE - Revision : 1 |
2016-03-14 | Microsoft Office Word CoCreateInstance elevation of privilege attempt RuleID : 36721 - Type : FILE-OFFICE - Revision : 3 |
2016-03-14 | Microsoft Office Word CoCreateInstance elevation of privilege attempt RuleID : 36720 - Type : FILE-OFFICE - Revision : 3 |
2015-05-14 | Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt RuleID : 34099 - Type : SERVER-OTHER - Revision : 3 |
2014-01-10 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 16328 - Type : FILE-OFFICE - Revision : 13 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-11-15 | Name: The Microsoft SharePoint Server or Microsoft Project Server installation on t... File: smb_nt_ms17_nov_office_sharepoint.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_may_office.nasl - Type: ACT_GATHER_INFO |
2015-11-10 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO |
2015-04-14 | Name: The remote Windows host is affected by multiple cross-site scripting vulnerab... File: smb_nt_ms15-036.nasl - Type: ACT_GATHER_INFO |
2014-05-14 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO |
2009-12-08 | Name: Arbitrary code can be executed on the remote host through Microsoft Project. File: smb_nt_ms09-074.nasl - Type: ACT_GATHER_INFO |