Download
| Alert*
|
oval:org.secpod.oval:def:18567
Microsoft SharePoint Foundation 2013 SP1 is installed oval:org.secpod.oval:def:44602 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly verify tenant permissions. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the ... oval:org.secpod.oval:def:46358 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:46359 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:54662 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:54663 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:50058 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:45397 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:54670 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:58903 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:58904 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:54664 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:54665 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:58901 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:46431 The host is missing an important security update for KB4022243 oval:org.secpod.oval:def:24113 The host is installed with Microsoft SharePoint Server 2013 or Microsoft SharePoint Foundation 2013 and is prone to a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly sanitize a specially crafted request. Successful exploitation allows attackers to pe ... oval:org.secpod.oval:def:24114 The host is missing an important security update according to Microsoft bulletin, MS15-036. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly sanitize a specially crafted request. Successful exploitation allows attackers ... oval:org.secpod.oval:def:54737 The host is missing an important security update for KB4464564 oval:org.secpod.oval:def:51371 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:50692 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:54126 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:58982 The host is missing an important security update for KB4484122 oval:org.secpod.oval:def:51425 The host is missing a security update 4462208 oval:org.secpod.oval:def:42054 A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:50117 The host is missing an important security update for KB4461596 oval:org.secpod.oval:def:45455 The host is missing an important security update for KB4018398 oval:org.secpod.oval:def:42106 The host is missing an important security update KB4011117 oval:org.secpod.oval:def:23796 The host is installed with Microsoft SharePoint Foundation 2013 Gold and SP1 or SharePoint Server 2013 Gold or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted request. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:23795 The host is installed with Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1 or SharePoint Server 2013 Gold or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted r ... oval:org.secpod.oval:def:46039 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:46040 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:54214 The host is missing an important security update for KB4464515 oval:org.secpod.oval:def:44678 The host is missing a security update 4018304 oval:org.secpod.oval:def:46064 The host is missing an important security update for KB4022190 oval:org.secpod.oval:def:23797 The host is installed with Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold or SP1, Word 2013 Gold or SP1, Office 2013 RT Gold or SP1, Word 2013 RT Gold or SP1, Excel Viewer, Office C ... oval:org.secpod.oval:def:23792 The host is missing a critical security update according to Microsoft security bulletin, MS15-022. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a crafted file. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:54669 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:50693 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:24275 The host is installed with Microsoft Sharepoint Server 2007, 2010, Sharepoint Foundation 2010 or 2013 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle specially crafted page content. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:24276 The host is missing an important security update according to Microsoft security bulletin, MS15-047. The update is required to fix remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted page content. Successful exploitation could allo ... oval:org.secpod.oval:def:50696 A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof con ... oval:org.secpod.oval:def:50787 The host is missing a moderate severity security update for KB4462143 oval:org.secpod.oval:def:59704 The host is missing an important security update for KB4484157 oval:org.secpod.oval:def:58905 An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an ... oval:org.secpod.oval:def:55355 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:58979 The host is missing an important security update for KB4475608 oval:org.secpod.oval:def:55358 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:20803 The host is missing a critical security update according to Microsoft bulletin, MS14-050. The update is required to fix elevation of privilege vulnerability. The flaw is present in the application, which fails to handle a specially crafted app that uses the SharePoint extensibility model to execute ... oval:org.secpod.oval:def:20804 The host is installed with Microsoft SharePoint Foundation 2013 or Microsoft SharePoint Server 2013 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to handle a specially crafted app that uses the SharePoint extensibility model to execute ar ... oval:org.secpod.oval:def:58537 The host is missing a critical security update for KB4484098 oval:org.secpod.oval:def:58538 The host is missing an important security update 4484099 oval:org.secpod.oval:def:58433 An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an ... oval:org.secpod.oval:def:58434 A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attac ... oval:org.secpod.oval:def:58435 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:58431 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:58432 A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attac ... oval:org.secpod.oval:def:58438 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account ... oval:org.secpod.oval:def:58439 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account ... oval:org.secpod.oval:def:32925 The host is installed with Microsoft SharePoint Foundation 2013 and is prone to a cross-site-scripting vulnerability. A flaw is present in the application, which does not properly sanitize a specially crafted web request. An attacker who successfully exploited these vulnerabilities could then perfor ... oval:org.secpod.oval:def:54667 An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:18563 The host is missing a critical security update according to Microsoft bulletin, MS14-022. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly validate certain conditions. Successful exploitation allows attackers to run arbitrary c ... oval:org.secpod.oval:def:18571 The host is installed with SharePoint Server 2013 Client Components SDK, Microsoft Office Web Apps Server 2013, SP1, Microsoft SharePoint Server 2013 or Microsoft SharePoint Foundation 2013 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to pro ... oval:org.secpod.oval:def:18570 The host is installed with SharePoint Server 2013 Client Components SDK, Microsoft SharePoint Designer 2007 SP3, 2010 SP1, SP2, 2013, SP1, Microsoft Office Web Apps Server 2013, SP1, Microsoft Windows SharePoint Services 3.0 SP3, SharePoint Server 2007, 2010 SP1, SP2, 2013, Microsoft SharePoint Foun ... oval:org.secpod.oval:def:64202 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64203 A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:64329 The host is missing a critical security update 4484411 oval:org.secpod.oval:def:49070 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:39345 An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The at ... oval:org.secpod.oval:def:61935 The host is missing an important security update for KB4484124 oval:org.secpod.oval:def:26546 The host is missing a critical security update according to Microsoft bulletin, MS15-099. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle objects in memory or handle a specially crafted Office file. An attacker who succ ... oval:org.secpod.oval:def:61932 The host is missing an important security update for KB4484282 oval:org.secpod.oval:def:61829 This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful ... oval:org.secpod.oval:def:49713 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the ... oval:org.secpod.oval:def:62495 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:62494 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:61837 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:61834 This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful ... oval:org.secpod.oval:def:40470 An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The at ... oval:org.secpod.oval:def:64200 A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deseri ... oval:org.secpod.oval:def:57354 The host is missing an important security update for KB4475527 oval:org.secpod.oval:def:49733 The host is missing an important security update for KB4461558 oval:org.secpod.oval:def:62497 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:62496 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63089 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:15686 The host is installed with Microsoft Windows SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly sanitize the conte ... oval:org.secpod.oval:def:63088 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:63641 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63087 An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal ... oval:org.secpod.oval:def:63643 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:63085 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63644 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:15687 The host is installed with Microsoft Windows 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, whic ... oval:org.secpod.oval:def:63082 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:63081 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:63080 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:63650 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:40532 The host is missing an important security update KB3191914 oval:org.secpod.oval:def:63091 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:62571 The host is missing an important security update for KB4011581 oval:org.secpod.oval:def:63651 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63652 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63653 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:15678 Microsoft SharePoint Foundation 2013 is installed oval:org.secpod.oval:def:15679 The host is installed with Microsoft Windows SharePoint Services 2.0, 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to denial of service vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:63656 An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated SharePoint user clicks the link, the authenticated us ... oval:org.secpod.oval:def:63779 The host is missing an important security update for KB4484409 oval:org.secpod.oval:def:30010 The host is installed with Microsoft SharePoint Server 2010, 2013, Foundation 2013, Office Web Apps 2010 or Web Apps Server 2013 and is prone to a XSS spoofing vulnerability. A flaw is present in the applications, which fail to properly sanitize a specially crafted request. Successful exploitation c ... oval:org.secpod.oval:def:30011 The host is installed with Sharepoint Server 2013 or Sharepoint Foundation 2013 and is prone to a security feature bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the appropriate permission level for an application or user. Successful exploitation could al ... oval:org.secpod.oval:def:26551 The host is installed with Microsoft SharePoint Foundation 2013 and is prone to a XSS spoofing vulnerability. A flaw is present in the application, which fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-si ... oval:org.secpod.oval:def:49139 The host is missing an important security update for KB4461511 oval:org.secpod.oval:def:62508 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:62504 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:62503 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:62502 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:62500 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:57964 The host is missing an important security update for KB4475565 oval:org.secpod.oval:def:62514 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:62512 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:62511 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:57864 An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted ap ... oval:org.secpod.oval:def:55452 The host is missing an important security update for KB4464602 oval:org.secpod.oval:def:62613 The host is missing an important security update for KB4484321 oval:org.secpod.oval:def:62507 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:63090 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63177 The host is missing an important security update for KB4484364 oval:org.secpod.oval:def:86117 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:86116 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:85454 The host is missing an important security update for KB5002303 oval:org.secpod.oval:def:83896 The host is missing an important security update for KB5002159 oval:org.secpod.oval:def:83866 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:83867 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:83902 The host is missing an important security update for KB5002267 oval:org.secpod.oval:def:83864 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:83865 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:30006 The host is missing an important security update according to Microsoft security bulletin, MS15-110. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted Microsoft Office file. Successful exploi ... oval:org.secpod.oval:def:32605 The host is installed with Microsoft SharePoint Foundation or Server 2013 and is prone to a security feature bypass vulnerability. The flaws are present in the Microsoft SharePoint when Access Control Policy (ACP), which fails to handle modification of webpart. Successful exploitation could allow re ... oval:org.secpod.oval:def:32607 The host is missing a critical security update according to Microsoft security bulletin, MS16-004. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted Microsoft Office file. Successful exploit ... oval:org.secpod.oval:def:32606 The host is installed with Microsoft SharePoint Foundation or Server 2013 and is prone to a security feature bypass vulnerability. The flaws are present in the Microsoft SharePoint when Access Control Policy (ACP), which fails to handle modification of webpart. Successful exploitation could allow re ... oval:org.secpod.oval:def:39346 The host is missing an important security update according to Microsoft security bulletin, MS17-002. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle objects in memory. Successful exploitation could allow to execute arbi ... oval:org.secpod.oval:def:32926 The host is missing a critical security update according to Microsoft security bulletin, MS16-015. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted office file. Successful exploitation allows attackers to corrupt ... oval:org.secpod.oval:def:35961 The host is missing an important security update according to Microsoft bulletin, MS16-088. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle objects in memory. Successful exploitation could allow to execute arbitrary cod ... oval:org.secpod.oval:def:78714 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:61830 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fil ... oval:org.secpod.oval:def:55356 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fil ... oval:org.secpod.oval:def:61835 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fil ... oval:org.secpod.oval:def:71865 The host is missing an important security update 5001935 oval:org.secpod.oval:def:71813 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:71811 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:71810 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:71812 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:71808 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:71809 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:71807 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:75280 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:75341 The host is missing an important security update for KB5002042 oval:org.secpod.oval:def:75279 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:75278 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73233 The host is missing an important security update 5001939 oval:org.secpod.oval:def:73214 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73212 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:73213 Microsoft SharePoint Server Information Disclosure Vulnerability oval:org.secpod.oval:def:73215 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:73245 The host is missing a critical security update 5001962 oval:org.secpod.oval:def:73216 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73217 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73218 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:77640 Microsoft SharePoint Server Security Feature Bypass Vulnerability oval:org.secpod.oval:def:15677 The host is missing a critical security update according to Microsoft bulletin, MS13-067. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle certain vectors and improperly validates inputs. Successful exploitation allows a ... oval:org.secpod.oval:def:78711 Microsoft Excel Remote Code Execution Vulnerability. oval:org.secpod.oval:def:87477 Microsoft Word Remote Code Execution Vulnerability oval:org.secpod.oval:def:87562 The host is missing a critical security update for KB5002347 oval:org.secpod.oval:def:87554 The host is missing a critical security update for KB5002312 oval:org.secpod.oval:def:87478 Microsoft SharePoint Server Elevation of Privilege Vulnerability oval:org.secpod.oval:def:88133 The host is missing an important security update for KB5002367 oval:org.secpod.oval:def:88034 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:88124 The host is missing an important security update for KB5002168 oval:org.secpod.oval:def:88928 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:81578 The host is missing an important security update for KB5002219 oval:org.secpod.oval:def:81505 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:79932 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:79994 The host is missing an important security update for KB5002203 oval:org.secpod.oval:def:77055 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:77054 Microsoft Office Remote Code Execution Vulnerability oval:org.secpod.oval:def:77125 The host is missing a critical security update for KB5002129 oval:org.secpod.oval:def:77123 The host is missing a critical security update 5002127 oval:org.secpod.oval:def:76459 The host is missing an important security update for KB5002071 oval:org.secpod.oval:def:76453 The host is missing an important security update for KB5002015 oval:org.secpod.oval:def:76399 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:76398 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:76397 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:74930 The host is missing an important security update for KB5002024 oval:org.secpod.oval:def:74875 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:74874 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73728 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73729 Microsoft SharePoint Server Spoofing Vulnerability oval:org.secpod.oval:def:73726 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:73727 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:73725 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:73863 The host is missing a moderate severity security update for KB5001996 oval:org.secpod.oval:def:73861 The host is missing a moderate severity security update for KB5001992 oval:org.secpod.oval:def:69983 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:70081 The host is missing an important security update for KB4493238 oval:org.secpod.oval:def:70067 The host is missing an important security update 4493177 oval:org.secpod.oval:def:69973 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:69008 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:69009 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:69014 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:69015 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:69070 The host is missing an important security update for KB4493210 oval:org.secpod.oval:def:68162 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:68163 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:68165 Microsoft SharePoint Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68275 The host is missing an important security update for KB4493175 oval:org.secpod.oval:def:68170 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:67679 Microsoft SharePoint Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67681 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:67720 The host is missing an important security update 4486696 oval:org.secpod.oval:def:67734 The host is missing a moderate severity security update for KB4493138 oval:org.secpod.oval:def:67680 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:67683 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:67684 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:66964 The host is missing a low severity security update for KB4486733 oval:org.secpod.oval:def:66909 The host is installed with Microsoft SharePoint products and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow a remote attacker to execute arbitrary code. oval:org.secpod.oval:def:66905 The host is installed with Microsoft SharePoint products and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow an attacker to disclosure sensitive information. oval:org.secpod.oval:def:66903 The host is installed with Microsoft SharePoint products and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow a remote attacker to perform spoofing attacks. oval:org.secpod.oval:def:66902 The host is installed with Microsoft SharePoint products and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow an attacker to disclose sensitive information. oval:org.secpod.oval:def:66048 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:66047 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:66049 An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:66141 The host is missing an important security update for KB4486694 oval:org.secpod.oval:def:66042 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:66044 An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:66039 An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of th ... oval:org.secpod.oval:def:66040 This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful ... oval:org.secpod.oval:def:66041 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:66038 An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of th ... oval:org.secpod.oval:def:65543 The host is missing an important security update for KB4484525 oval:org.secpod.oval:def:65388 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account ... oval:org.secpod.oval:def:65385 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65386 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65383 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65529 The host is missing a critical security update for KB4484488 oval:org.secpod.oval:def:65380 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65381 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:65382 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65379 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65377 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65367 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65368 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65369 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64337 The host is missing an important security update for KB4484448 oval:org.secpod.oval:def:64196 An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an ... oval:org.secpod.oval:def:64917 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64919 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64980 The host is missing an important security update for KB4484487 oval:org.secpod.oval:def:64923 An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:64925 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:64926 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:57244 An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges. ... |
