This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2010-09-17
Product Sharepoint Foundation Last view 2021-07-16
Version 2013 Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:* 155
cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:* 69
cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:* 21
cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:* 12
cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:* 4
cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:* 3

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2021-07-16 CVE-2021-34467

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34468, CVE-2021-34520.

8.8 2021-07-14 CVE-2021-34520

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468.

3.5 2021-07-14 CVE-2021-34519

Microsoft SharePoint Server Information Disclosure Vulnerability

5.3 2021-07-14 CVE-2021-34517

Microsoft SharePoint Server Spoofing Vulnerability

8 2021-07-14 CVE-2021-34468

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34520.

7.2 2021-06-08 CVE-2021-31966

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963.

6.5 2021-06-08 CVE-2021-31965

Microsoft SharePoint Server Information Disclosure Vulnerability

8.1 2021-06-08 CVE-2021-31964

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950.

8.8 2021-06-08 CVE-2021-31963

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966.

8.1 2021-06-08 CVE-2021-31950

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964.

8.1 2021-06-08 CVE-2021-31948

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31950, CVE-2021-31964.

8.8 2021-06-08 CVE-2021-26420

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.

8.8 2021-05-11 CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

6.5 2021-05-11 CVE-2021-31173

Microsoft SharePoint Server Information Disclosure Vulnerability

7.1 2021-05-11 CVE-2021-31172

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.

4.4 2021-05-11 CVE-2021-31171

Microsoft SharePoint Information Disclosure Vulnerability

7.1 2021-05-11 CVE-2021-28478

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.

8.8 2021-05-11 CVE-2021-28474

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.1 2021-05-11 CVE-2021-26418

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.

6.5 2021-04-13 CVE-2021-28450

Microsoft SharePoint Denial of Service Update

8.8 2021-03-11 CVE-2021-27076

Microsoft SharePoint Server Remote Code Execution Vulnerability

5.4 2021-03-11 CVE-2021-24104

Microsoft SharePoint Spoofing Vulnerability

8.8 2021-02-25 CVE-2021-24072

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.5 2021-02-25 CVE-2021-24071

Microsoft SharePoint Information Disclosure Vulnerability

8.8 2021-02-25 CVE-2021-24066

Microsoft SharePoint Remote Code Execution Vulnerability

CWE : Common Weakness Enumeration

%idName
58% (81) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (14) CWE-20 Improper Input Validation
5% (8) CWE-434 Unrestricted Upload of File with Dangerous Type
5% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (6) CWE-494 Download of Code Without Integrity Check
3% (5) CWE-200 Information Exposure
2% (3) CWE-502 Deserialization of Untrusted Data
2% (3) CWE-352 Cross-Site Request Forgery (CSRF)
1% (2) CWE-346 Origin Validation Error
1% (2) CWE-264 Permissions, Privileges, and Access Controls
0% (1) CWE-476 NULL Pointer Dereference
0% (1) CWE-269 Improper Privilege Management
0% (1) CWE-116 Improper Encoding or Escaping of Output
0% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
0% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:7297 HTML Sanitization Vulnerability (CVE-2010-3324)
oval:org.mitre.oval:def:12835 XSS in SharePoint Calendar Vulnerability
oval:org.mitre.oval:def:12788 Editform Script Injection Vulnerability
oval:org.mitre.oval:def:12864 Contact Details Reflected XSS Vulnerability
oval:org.mitre.oval:def:12907 SharePoint Remote File Disclosure Vulnerability
oval:org.mitre.oval:def:12676 SharePoint XSS Vulnerability
oval:org.mitre.oval:def:14637 XSS in inplview.aspx Vulnerability
oval:org.mitre.oval:def:14386 XSS in themeweb.aspx Vulnerability
oval:org.mitre.oval:def:14826 XSS in wizardlist.aspx Vulnerability
oval:org.mitre.oval:def:15589 XSS scriptresx.ashx Vulnerability - MS12-050
oval:org.mitre.oval:def:15544 SharePoint Script in Username Vulnerability - MS12-050
oval:org.mitre.oval:def:15689 SharePoint Reflected List Parameter Vulnerability - MS12-050
oval:org.mitre.oval:def:14976 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privile...
oval:org.mitre.oval:def:16596 Callback Function Vulnerability - MS13-024
oval:org.mitre.oval:def:16445 SharePoint Directory Traversal Vulnerability - MS13-024
oval:org.mitre.oval:def:16414 Buffer Overflow Vulnerability - MS13-024
oval:org.mitre.oval:def:16539 Vulnerability in Microsoft OneNote could allow information disclosure - MS13-025
oval:org.mitre.oval:def:16599 Vulnerability in HTML sanitization component could allow elevation of privile...
oval:org.mitre.oval:def:19036 Denial of service vulnerability in Microsoft SharePoint (CVE-2013-0081) - MS1...
oval:org.mitre.oval:def:18950 Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) - MS13-073
oval:org.mitre.oval:def:18543 Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) MS13-073 (Ma...
oval:org.mitre.oval:def:18333 Microsoft Office memory corruption vulnerability (CVE-2013-1315) - MS13-067
oval:org.mitre.oval:def:19040 MAC disabled vulnerability in Microsoft SharePoint and Microsoft Exchange Ser...
oval:org.mitre.oval:def:18750 Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3179) - ...
oval:org.mitre.oval:def:19136 Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - ...

SAINT Exploits

Description Link
Microsoft SharePoint Picker.aspx deserialization vulnerability More info here

Open Source Vulnerability Database (OSVDB)

id Description
75393 Microsoft SharePoint Unspecified URI XSS
75392 Microsoft SharePoint XML File Arbitrary File Disclosure
75391 Microsoft SharePoint Contact Details XSS
75390 Microsoft SharePoint EditForm.aspx XSS
75389 Microsoft SharePoint SharePoint Calendar URI XSS
75381 Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Discl...
68123 Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS ...

ExploitDB Exploits

id Description
17873 File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6

OpenVAS Exploits

id Description
2012-10-10 Name : Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
File : nvt/secpod_ms12-066.nasl
2012-07-11 Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
File : nvt/secpod_ms12-050.nasl
2012-06-28 Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
File : nvt/secpod_ms12-011.nasl
2011-09-22 Name : Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
File : nvt/secpod_ms10-072.nasl
2011-09-14 Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
File : nvt/secpod_ms11-074.nasl
2010-10-13 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
File : nvt/secpod_ms10-071.nasl
2010-09-23 Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0214 Multiple Vulnerabilities in Microsoft Office (MS15-099)
Severity: Category II - VMSKEY: V0061389
2015-A-0103 Multiple Vulnerabilities in Microsoft Office Products (MS15-046)
Severity: Category II - VMSKEY: V0060643
2015-A-0104 Microsoft SharePoint Remote Code Execution Vulnerability (MS15-047)
Severity: Category II - VMSKEY: V0060645
2015-A-0087 Multiple Vulnerabilities in Microsoft Office SharePoint Server (MS15-036)
Severity: Category II - VMSKEY: V0059889
2015-A-0052 Multiple Vulnerabilities in Microsoft Office (MS15-022)
Severity: Category II - VMSKEY: V0058999
2014-A-0175 Microsoft SharePoint Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0057387
2014-A-0125 Microsoft Sharepoint Server Elevation of Privilege Vulnerability
Severity: Category II - VMSKEY: V0053799
2014-A-0074 Multiple Vulnerabilities in Microsoft Office SharePoint Server
Severity: Category II - VMSKEY: V0050449
2013-A-0231 Multiple Vulnerabilities in Microsoft Exchange Server
Severity: Category I - VMSKEY: V0042592
2013-A-0178 Multiple Vulnerabilities in Microsoft Office
Severity: Category II - VMSKEY: V0040289
2013-A-0174 Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity: Category II - VMSKEY: V0040292
2013-A-0171 Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity: Category I - VMSKEY: V0040295
2013-A-0083 Microsoft Office HTML Sanitization Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0037613
2013-B-0027 Microsoft OneNote Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0037411
2012-B-0017 Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint
Severity: Category II - VMSKEY: V0031349
2011-B-0115 Multiple Vulnerabilities in Microsoft Office SharePoint
Severity: Category II - VMSKEY: V0030239

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 script tag in URI - likely cross-site scripting attempt
RuleID : 7070 - Type : POLICY-OTHER - Revision : 22
2021-02-11 Microsoft Sharepoint Server remote code execution attempt
RuleID : 56865 - Type : SERVER-OTHER - Revision : 1
2021-01-08 Microsoft SharePoint external ImportWeb attempt
RuleID : 56560 - Type : POLICY-OTHER - Revision : 1
2020-12-10 Microsoft SharePoint remote code execution attempt
RuleID : 56305 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft SharePoint remote code execution attempt
RuleID : 56304 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Sharepoint machineKey information disclosure attempt
RuleID : 56303 - Type : SERVER-WEBAPP - Revision : 1
2020-12-01 Microsoft Sharepoint DataFormWebPart remote code execution attempt
RuleID : 56136 - Type : SERVER-WEBAPP - Revision : 1
2020-12-01 Microsoft Sharepoint DataFormWebPart remote code execution attempt
RuleID : 56135 - Type : SERVER-WEBAPP - Revision : 1
2020-12-01 Microsoft Sharepoint DataFormWebPart remote code execution attempt
RuleID : 56134 - Type : SERVER-WEBAPP - Revision : 1
2020-11-19 Microsoft Sharepoint DataFormWebPart remote code execution attempt
RuleID : 56070 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-11-19 Microsoft Sharepoint DataFormWebPart fingerprinting attempt
RuleID : 56069 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-11-03 Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt
RuleID : 55862 - Type : SERVER-WEBAPP - Revision : 2
2020-06-10 Microsoft SharePoint TypeConverter remote code execution attempt
RuleID : 53866 - Type : SERVER-WEBAPP - Revision : 1
2020-03-24 Microsoft SharePoint file upload information disclosure attempt
RuleID : 53206 - Type : SERVER-WEBAPP - Revision : 1
2019-11-26 Microsoft Sharepoint DestinationFolder cross site scripting attempt
RuleID : 51981 - Type : SERVER-WEBAPP - Revision : 1
2019-10-10 Microsoft SharePoint remote code execution attempt
RuleID : 51480 - Type : FILE-OTHER - Revision : 1
2019-10-10 Microsoft SharePoint remote code execution attempt
RuleID : 51479 - Type : FILE-OTHER - Revision : 1
2019-10-10 Microsoft SharePoint deserialization attempt
RuleID : 51475 - Type : FILE-OTHER - Revision : 2
2019-10-10 Microsoft SharePoint deserialization attempt
RuleID : 51474 - Type : FILE-OTHER - Revision : 1
2019-10-08 Microsoft SharePoint BdcAdminService remote code execution attempt
RuleID : 51438 - Type : SERVER-WEBAPP - Revision : 1
2019-08-29 Win.Backdoor.Agent webshell inbound request attempt
RuleID : 51368-community - Type : MALWARE-BACKDOOR - Revision : 2
2019-10-01 Win.Backdoor.Agent webshell inbound request attempt
RuleID : 51368 - Type : MALWARE-BACKDOOR - Revision : 2
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Type : FILE-OFFICE - Revision : 1
2019-12-19 Win.Backdoor.Chopper webshell inbound request attempt
RuleID : 50277-community - Type : MALWARE-BACKDOOR - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-09-12 Name: The Microsoft Sharepoint Server installation on the remote host is affected b...
File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_may_office.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms16-042.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-099.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-046.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms15-046_office_2011.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms15-047.nasl - Type: ACT_GATHER_INFO
2015-04-14 Name: The remote Windows host is affected by multiple cross-site scripting vulnerab...
File: smb_nt_ms15-036.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-022.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote host is affected by a privilege escalation vulnerability.
File: smb_nt_ms14-073.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The remote host is affected by an elevation of privilege vulnerability.
File: smb_nt_ms14-050.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The remote mail server has multiple vulnerabilities.
File: smb_nt_ms13-105.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: It is possible to execute arbitrary code on the remote host through Microsoft...
File: smb_nt_ms13-073.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: The Microsoft Office component installed on the remote host is affected by mu...
File: smb_nt_ms13-072.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-067.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms13-073.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: The remote host is affected by a cross-site scripting vulnerability.
File: smb_nt_ms13-035.nasl - Type: ACT_GATHER_INFO