This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-09-17 |
| Product | Sharepoint Foundation | Last view | 2023-04-11 |
| Version | 2013 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Description | |
|---|---|---|---|
| 8.1 | 2023-04-11 | CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability |
| 3.1 | 2023-03-14 | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability |
| 8.8 | 2023-02-14 | CVE-2023-21717 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| 9.8 | 2023-02-14 | CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability |
| 8.8 | 2023-01-10 | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2023-01-10 | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-12-13 | CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-12-13 | CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 6.5 | 2022-11-09 | CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability |
| 8.8 | 2022-11-09 | CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-10-11 | CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-10-11 | CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-10-11 | CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-10-11 | CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-09-13 | CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-09-13 | CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-09-13 | CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-09-13 | CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability |
| 8.8 | 2022-06-15 | CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8.8 | 2022-05-10 | CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8 | 2022-04-15 | CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability |
| 8.8 | 2022-02-09 | CVE-2022-22005 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| 8 | 2022-02-09 | CVE-2022-21987 | Microsoft SharePoint Server Spoofing Vulnerability |
| 4.3 | 2022-02-09 | CVE-2022-21968 | Microsoft SharePoint Server Security Feature Bypass Vulnerability |
| 8.8 | 2022-01-11 | CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 60% (81) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 7% (10) | CWE-20 | Improper Input Validation |
| 5% (8) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 5% (8) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4% (6) | CWE-494 | Download of Code Without Integrity Check |
| 2% (4) | CWE-502 | Deserialization of Untrusted Data |
| 2% (3) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 1% (2) | CWE-346 | Origin Validation Error |
| 1% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (2) | CWE-200 | Information Exposure |
| 1% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (1) | CWE-476 | NULL Pointer Dereference |
| 0% (1) | CWE-436 | Interpretation Conflict |
| 0% (1) | CWE-269 | Improper Privilege Management |
| 0% (1) | CWE-116 | Improper Encoding or Escaping of Output |
| 0% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Oval Markup Language : Definitions
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7297 | HTML Sanitization Vulnerability (CVE-2010-3324) |
| oval:org.mitre.oval:def:12835 | XSS in SharePoint Calendar Vulnerability |
| oval:org.mitre.oval:def:12788 | Editform Script Injection Vulnerability |
| oval:org.mitre.oval:def:12864 | Contact Details Reflected XSS Vulnerability |
| oval:org.mitre.oval:def:12907 | SharePoint Remote File Disclosure Vulnerability |
| oval:org.mitre.oval:def:12676 | SharePoint XSS Vulnerability |
| oval:org.mitre.oval:def:14637 | XSS in inplview.aspx Vulnerability |
| oval:org.mitre.oval:def:14386 | XSS in themeweb.aspx Vulnerability |
| oval:org.mitre.oval:def:14826 | XSS in wizardlist.aspx Vulnerability |
| oval:org.mitre.oval:def:15589 | XSS scriptresx.ashx Vulnerability - MS12-050 |
| oval:org.mitre.oval:def:15544 | SharePoint Script in Username Vulnerability - MS12-050 |
| oval:org.mitre.oval:def:15689 | SharePoint Reflected List Parameter Vulnerability - MS12-050 |
| oval:org.mitre.oval:def:14976 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privile... |
| oval:org.mitre.oval:def:16596 | Callback Function Vulnerability - MS13-024 |
| oval:org.mitre.oval:def:16445 | SharePoint Directory Traversal Vulnerability - MS13-024 |
| oval:org.mitre.oval:def:16414 | Buffer Overflow Vulnerability - MS13-024 |
| oval:org.mitre.oval:def:16539 | Vulnerability in Microsoft OneNote could allow information disclosure - MS13-025 |
| oval:org.mitre.oval:def:16599 | Vulnerability in HTML sanitization component could allow elevation of privile... |
| oval:org.mitre.oval:def:19036 | Denial of service vulnerability in Microsoft SharePoint (CVE-2013-0081) - MS1... |
| oval:org.mitre.oval:def:18950 | Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) - MS13-073 |
| oval:org.mitre.oval:def:18543 | Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) MS13-073 (Ma... |
| oval:org.mitre.oval:def:18333 | Microsoft Office memory corruption vulnerability (CVE-2013-1315) - MS13-067 |
| oval:org.mitre.oval:def:19040 | MAC disabled vulnerability in Microsoft SharePoint and Microsoft Exchange Ser... |
| oval:org.mitre.oval:def:18750 | Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3179) - ... |
| oval:org.mitre.oval:def:19136 | Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - ... |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft SharePoint Picker.aspx deserialization vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75393 | Microsoft SharePoint Unspecified URI XSS |
| 75392 | Microsoft SharePoint XML File Arbitrary File Disclosure |
| 75391 | Microsoft SharePoint Contact Details XSS |
| 75390 | Microsoft SharePoint EditForm.aspx XSS |
| 75389 | Microsoft SharePoint SharePoint Calendar URI XSS |
| 75381 | Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Discl... |
| 68123 | Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS ... |
ExploitDB Exploits
| id | Description |
|---|---|
| 17873 | File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6 |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-10-10 | Name : Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517) File : nvt/secpod_ms12-066.nasl |
| 2012-07-11 | Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502) File : nvt/secpod_ms12-050.nasl |
| 2012-06-28 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841) File : nvt/secpod_ms12-011.nasl |
| 2011-09-22 | Name : Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048) File : nvt/secpod_ms10-072.nasl |
| 2011-09-14 | Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858) File : nvt/secpod_ms11-074.nasl |
| 2010-10-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131) File : nvt/secpod_ms10-071.nasl |
| 2010-09-23 | Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0214 | Multiple Vulnerabilities in Microsoft Office (MS15-099) Severity: Category II - VMSKEY: V0061389 |
| 2015-A-0103 | Multiple Vulnerabilities in Microsoft Office Products (MS15-046) Severity: Category II - VMSKEY: V0060643 |
| 2015-A-0104 | Microsoft SharePoint Remote Code Execution Vulnerability (MS15-047) Severity: Category II - VMSKEY: V0060645 |
| 2015-A-0087 | Multiple Vulnerabilities in Microsoft Office SharePoint Server (MS15-036) Severity: Category II - VMSKEY: V0059889 |
| 2015-A-0052 | Multiple Vulnerabilities in Microsoft Office (MS15-022) Severity: Category II - VMSKEY: V0058999 |
| 2014-A-0175 | Microsoft SharePoint Privilege Escalation Vulnerability Severity: Category II - VMSKEY: V0057387 |
| 2014-A-0125 | Microsoft Sharepoint Server Elevation of Privilege Vulnerability Severity: Category II - VMSKEY: V0053799 |
| 2014-A-0074 | Multiple Vulnerabilities in Microsoft Office SharePoint Server Severity: Category II - VMSKEY: V0050449 |
| 2013-A-0231 | Multiple Vulnerabilities in Microsoft Exchange Server Severity: Category I - VMSKEY: V0042592 |
| 2013-A-0178 | Multiple Vulnerabilities in Microsoft Office Severity: Category II - VMSKEY: V0040289 |
| 2013-A-0174 | Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server Severity: Category II - VMSKEY: V0040292 |
| 2013-A-0171 | Multiple Remote Code Execution Vulnerabilities in Microsoft Excel Severity: Category I - VMSKEY: V0040295 |
| 2013-A-0083 | Microsoft Office HTML Sanitization Privilege Escalation Vulnerability Severity: Category II - VMSKEY: V0037613 |
| 2013-B-0027 | Microsoft OneNote Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0037411 |
| 2012-B-0017 | Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint Severity: Category II - VMSKEY: V0031349 |
| 2011-B-0115 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0030239 |
Snort® IPS/IDS
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Description |
|---|---|
| 2014-01-10 | script tag in URI - likely cross-site scripting attempt RuleID : 7070 - Type : POLICY-OTHER - Revision : 22 |
| 2021-02-11 | Microsoft Sharepoint Server remote code execution attempt RuleID : 56865 - Type : SERVER-OTHER - Revision : 1 |
| 2021-01-08 | Microsoft SharePoint external ImportWeb attempt RuleID : 56560 - Type : POLICY-OTHER - Revision : 1 |
| 2020-12-10 | Microsoft SharePoint remote code execution attempt RuleID : 56305 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-10 | Microsoft SharePoint remote code execution attempt RuleID : 56304 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-10 | Microsoft Sharepoint machineKey information disclosure attempt RuleID : 56303 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-01 | Microsoft Sharepoint DataFormWebPart remote code execution attempt RuleID : 56136 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-01 | Microsoft Sharepoint DataFormWebPart remote code execution attempt RuleID : 56135 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-12-01 | Microsoft Sharepoint DataFormWebPart remote code execution attempt RuleID : 56134 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-11-19 | Microsoft Sharepoint DataFormWebPart remote code execution attempt RuleID : 56070 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-11-19 | Microsoft Sharepoint DataFormWebPart fingerprinting attempt RuleID : 56069 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-11-03 | Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt RuleID : 55862 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-06-10 | Microsoft SharePoint TypeConverter remote code execution attempt RuleID : 53866 - Type : SERVER-WEBAPP - Revision : 1 |
| 2020-03-24 | Microsoft SharePoint file upload information disclosure attempt RuleID : 53206 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-11-26 | Microsoft Sharepoint DestinationFolder cross site scripting attempt RuleID : 51981 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-10-10 | Microsoft SharePoint remote code execution attempt RuleID : 51480 - Type : FILE-OTHER - Revision : 1 |
| 2019-10-10 | Microsoft SharePoint remote code execution attempt RuleID : 51479 - Type : FILE-OTHER - Revision : 1 |
| 2019-10-10 | Microsoft SharePoint deserialization attempt RuleID : 51475 - Type : FILE-OTHER - Revision : 2 |
| 2019-10-10 | Microsoft SharePoint deserialization attempt RuleID : 51474 - Type : FILE-OTHER - Revision : 1 |
| 2019-10-08 | Microsoft SharePoint BdcAdminService remote code execution attempt RuleID : 51438 - Type : SERVER-WEBAPP - Revision : 1 |
| 2019-08-29 | Win.Backdoor.Agent webshell inbound request attempt RuleID : 51368-community - Type : MALWARE-BACKDOOR - Revision : 2 |
| 2019-10-01 | Win.Backdoor.Agent webshell inbound request attempt RuleID : 51368 - Type : MALWARE-BACKDOOR - Revision : 2 |
| 2019-07-23 | Microsoft Office Excel malicious cce value following a PtgMemFunc token RuleID : 50462 - Type : FILE-OFFICE - Revision : 1 |
| 2019-07-23 | Microsoft Office Excel malicious cce value following a PtgMemFunc token RuleID : 50461 - Type : FILE-OFFICE - Revision : 1 |
| 2019-12-19 | Win.Backdoor.Chopper webshell inbound request attempt RuleID : 50277-community - Type : MALWARE-BACKDOOR - Revision : 4 |
Nessus® Vulnerability Scanner
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2017-09-12 | Name: The Microsoft Sharepoint Server installation on the remote host is affected b... File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO |
| 2017-05-10 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_may_office.nasl - Type: ACT_GATHER_INFO |
| 2017-03-15 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO |
| 2016-09-15 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO |
| 2016-09-14 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO |
| 2016-04-12 | Name: An application installed on the remote Windows host is affected by multiple r... File: smb_nt_ms16-042.nasl - Type: ACT_GATHER_INFO |
| 2016-02-22 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO |
| 2016-02-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO |
| 2015-10-13 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO |
| 2015-09-09 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms15-099.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote host is affected by multiple remote code execution vulnerabilities. File: smb_nt_ms15-046.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: An application installed on the remote Mac OS X host is affected by a remote ... File: macosx_ms15-046_office_2011.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: The remote host is affected by a remote code execution vulnerability. File: smb_nt_ms15-047.nasl - Type: ACT_GATHER_INFO |
| 2015-04-14 | Name: The remote Windows host is affected by multiple cross-site scripting vulnerab... File: smb_nt_ms15-036.nasl - Type: ACT_GATHER_INFO |
| 2015-03-11 | Name: The remote host is affected by multiple remote code execution vulnerabilities. File: smb_nt_ms15-022.nasl - Type: ACT_GATHER_INFO |
| 2014-11-12 | Name: The remote host is affected by a privilege escalation vulnerability. File: smb_nt_ms14-073.nasl - Type: ACT_GATHER_INFO |
| 2014-08-12 | Name: The remote host is affected by an elevation of privilege vulnerability. File: smb_nt_ms14-050.nasl - Type: ACT_GATHER_INFO |
| 2014-05-14 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO |
| 2013-12-11 | Name: The remote mail server has multiple vulnerabilities. File: smb_nt_ms13-105.nasl - Type: ACT_GATHER_INFO |
| 2013-09-11 | Name: It is possible to execute arbitrary code on the remote host through Microsoft... File: smb_nt_ms13-073.nasl - Type: ACT_GATHER_INFO |
| 2013-09-11 | Name: The Microsoft Office component installed on the remote host is affected by mu... File: smb_nt_ms13-072.nasl - Type: ACT_GATHER_INFO |
| 2013-09-11 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms13-067.nasl - Type: ACT_GATHER_INFO |
| 2013-09-11 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms13-073.nasl - Type: ACT_GATHER_INFO |
| 2013-04-10 | Name: The remote host is affected by a cross-site scripting vulnerability. File: smb_nt_ms13-035.nasl - Type: ACT_GATHER_INFO |
