Download
| Alert*
oval:org.secpod.oval:def:6369
Microsoft SharePoint Foundation 2010 SP1 is installed oval:org.secpod.oval:def:43497 The host is missing an important security update 3141547 oval:org.secpod.oval:def:43437 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:50692 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:54127 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:58985 The host is missing an important security update for KB4484131 oval:org.secpod.oval:def:21545 The host is installed with Microsoft SharePoint Foundation 2010 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly sanitize page content in SharePoint lists. Successful exploitation could allow attackers to run arbitrary code in the ... oval:org.secpod.oval:def:21546 The host is missing an important security update according to Microsoft security bulletin, MS14-073. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly sanitize page content in SharePoint lists. Successful exploitation ... oval:org.secpod.oval:def:58903 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:58904 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint serv ... oval:org.secpod.oval:def:54664 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:10775 The host is installed with Microsoft Infopath 2010, SharePoint Server 2010, SharePoint Foundation 2010, Office Web Apps 2010 or Groove Server 2010 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which is caused by the way that HTML strings are sanitized. ... oval:org.secpod.oval:def:10776 The host is missing an important security update according to Microsoft bulletin, MS13-035. The update is required to fix elevation of privilege vulnerability. A flaw is present in the applications, which is caused by the way that HTML strings are sanitized. Successful exploitation allows attackers ... oval:org.secpod.oval:def:23795 The host is installed with Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1 or SharePoint Server 2013 Gold or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted r ... oval:org.secpod.oval:def:54217 The host is missing an important security update for KB4464528 oval:org.secpod.oval:def:54739 The host is missing an important security update for KB4464573 oval:org.secpod.oval:def:4144 The host is missing an important security update according to Microsoft security bulletin, MS12-011. The update is required to fix elevation of privilege or information disclosure vulnerabilities. The flaws are present due to improper handling of URL containing malicious JavaScript elements. Success ... oval:org.secpod.oval:def:4142 The host is installed with Microsoft SharePoint Server 2010 and SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present due to improper handling of URL containing malicious JavaScript elements. Successful exploitation could allow attackers to issue SharePoint ... oval:org.secpod.oval:def:4143 The host is installed with Microsoft SharePoint Server 2010 and SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present due to improper handling of URL containing malicious JavaScript elements. Successful exploitation could allow attackers to issue SharePoint ... oval:org.secpod.oval:def:4141 The host is installed with Microsoft SharePoint Server 2010 and is prone to cross-site scripting vulnerability. A flaw is present due to improper handling of URL containing malicious JavaScript elements. Successful exploitation could allow attackers to issue SharePoint commands in the context of the ... oval:org.secpod.oval:def:23797 The host is installed with Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold or SP1, Word 2013 Gold or SP1, Office 2013 RT Gold or SP1, Word 2013 RT Gold or SP1, Excel Viewer, Office C ... oval:org.secpod.oval:def:23792 The host is missing a critical security update according to Microsoft security bulletin, MS15-022. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a crafted file. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:9726 The host is installed with Microsoft SharePoint Foundation 2010 and is prone toelevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user input. Successful exploitation allows attackers to read unauthorized content. oval:org.secpod.oval:def:50693 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:24275 The host is installed with Microsoft Sharepoint Server 2007, 2010, Sharepoint Foundation 2010 or 2013 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle specially crafted page content. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:24276 The host is missing an important security update according to Microsoft security bulletin, MS15-047. The update is required to fix remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted page content. Successful exploitation could allo ... oval:org.secpod.oval:def:50783 The host is missing a critical security update for KB4461630 oval:org.secpod.oval:def:59709 The host is missing an important security update for KB4484165 oval:org.secpod.oval:def:9725 The host is installed with Microsoft SharePoint Foundation 2010 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly validate user input. Successful exploitation allows attackers to read unauthorized content. oval:org.secpod.oval:def:58533 The host is missing a critical security update for KB4475605 oval:org.secpod.oval:def:58433 An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an ... oval:org.secpod.oval:def:58431 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:58438 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account ... oval:org.secpod.oval:def:24307 The host is installed with Office 2010, 2013, Word 2010, 2013, Excel 2010, 2013, Powerpoint 2010,2013, Powerpoint Viewer, Sharepoint Server 2010, 2013, Foundation 2010, 2013, Office Web Apps 2010 or 2013 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which ... oval:org.secpod.oval:def:24310 The host is missing an important security update according to Microsoft security bulletin, MS15-046. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle a crafted file. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:9727 The host is installed with Microsoft SharePoint Foundation 2010 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly validate user input. Successful exploitation allows attackers to cause the W3WP process to terminate. oval:org.secpod.oval:def:18563 The host is missing a critical security update according to Microsoft bulletin, MS14-022. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly validate certain conditions. Successful exploitation allows attackers to run arbitrary c ... oval:org.secpod.oval:def:18570 The host is installed with SharePoint Server 2013 Client Components SDK, Microsoft SharePoint Designer 2007 SP3, 2010 SP1, SP2, 2013, SP1, Microsoft Office Web Apps Server 2013, SP1, Microsoft Windows SharePoint Services 3.0 SP3, SharePoint Server 2007, 2010 SP1, SP2, 2013, Microsoft SharePoint Foun ... oval:org.secpod.oval:def:15686 The host is installed with Microsoft Windows SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly sanitize the conte ... oval:org.secpod.oval:def:63643 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:15687 The host is installed with Microsoft Windows 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, whic ... oval:org.secpod.oval:def:63648 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:49741 The host is missing an important security update for KB4461580 oval:org.secpod.oval:def:63650 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:63651 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:15674 The host is missing a critical security update according to Microsoft bulletin, MS13-084. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle certain vectors and improperly validates inputs. Successful exploitation allows a ... oval:org.secpod.oval:def:63772 The host is missing an important security update for KB4484391 oval:org.secpod.oval:def:15675 Microsoft SharePoint Foundation 2010 Service Pack 2 is installed oval:org.secpod.oval:def:63652 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:15679 The host is installed with Microsoft Windows SharePoint Services 2.0, 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, SharePoint Foundation 2013, SharePoint Server 2013 and is prone to denial of service vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:15676 The host is installed with Microsoft SharePoint Server 2007 SP3 or before, SharePoint Foundation 2010 or Microsoft SharePoint Services 3.0 and is prone to remote code execution vulnerability. The flaw is present in the applications, which fail to properly properly handle objects in memory while pars ... oval:org.secpod.oval:def:63781 The host is missing an important security update for KB4484414 oval:org.secpod.oval:def:2261 Microsoft SharePoint Foundation 2010 is installed oval:org.secpod.oval:def:2263 The host is installed with Microsoft SharePoint Server 2010 or 2010 SP1, or Microsoft SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present in the applications where Microsoft SharePoint does not properly handle malicious JavaScript elements contained withi ... oval:org.secpod.oval:def:2266 The host is installed with Microsoft Office SharePoint Server 2010 or SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present in the application which fails to properly validate user input. Successful exploitation allows remote attackers to disclose sensitive ... oval:org.secpod.oval:def:2268 The host is installed with Microsoft Office Web Apps 2010 or SP1 or Microsoft SharePoint Foundation 2010 or Microsoft Windows SharePoint Services 3.0 Service Pack 2 or Microsoft Groove Server 2010 or SP1 or Microsoft Office SharePoint Server 2010 or SP1 or Microsoft Office SharePoint Server 2007 SP ... oval:org.secpod.oval:def:2267 The host is installed with Microsoft Windows SharePoint Services 3.0 Service Pack 2 or SharePoint Foundation 2010 or SP1 and is prone to cross-site scripting vulnerability. A flaw is present in the applications which fails to properly validate user input. Successful exploitation allows remote attack ... oval:org.secpod.oval:def:7318 The host is installed with Microsoft Office Web Apps 2010, Microsoft SharePoint Foundation 2010 Service Pack 1, Microsoft Windows SharePoint Services 3.0 Service Pack 2, Microsoft Groove Server 2010 Service Pack 1, Microsoft SharePoint Server 2010 Service Pack 1, Microsoft SharePoint Server 2007 Se ... oval:org.secpod.oval:def:7319 The host is missing an important security update according to Microsoft security bulletin, MS12-066. The update is required to fix elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly validate the HTML strings. Successful exploitation allows attackers t ... oval:org.secpod.oval:def:62508 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:61936 The host is missing an important security update for KB4484197 oval:org.secpod.oval:def:62500 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:49707 An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal ... oval:org.secpod.oval:def:62511 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:2270 The host is installed with Microsoft SharePoint Foundation 2010 or Microsoft Windows SharePoint Services 3.0 Service Pack 2 or Microsoft Windows SharePoint Services 2.0 or Microsoft Office SharePoint Server 2010 and prone to cross-site scripting vulnerability. A flaw is present in the applications w ... oval:org.secpod.oval:def:62494 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:57347 The host is missing an important security update for KB4475510 oval:org.secpod.oval:def:61837 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:61834 This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successful ... oval:org.secpod.oval:def:62497 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:62608 The host is missing an important security update for KB4484298 oval:org.secpod.oval:def:62507 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:9728 The host is missing a critical security update according to Microsoft bulletin, MS13-024. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly validate user input. Successful exploitation allows attackers to read unauthorized conte ... oval:org.secpod.oval:def:35961 The host is missing an important security update according to Microsoft bulletin, MS16-088. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle objects in memory. Successful exploitation could allow to execute arbitrary cod ... oval:org.secpod.oval:def:15677 The host is missing a critical security update according to Microsoft bulletin, MS13-067. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle certain vectors and improperly validates inputs. Successful exploitation allows a ... oval:org.secpod.oval:def:6378 The host is missing an important security update according to Microsoft bulletin, MS12-050. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted URLs. Successful exploitation results in elevation of privilege or information d ... oval:org.secpod.oval:def:6375 The host is installed with Microsoft SharePoint Server 2007 or SharePoint Services 3.0 or SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle malicious JavaScript elements contained within a specially c ... oval:org.secpod.oval:def:6373 The host is installed with Microsoft SharePoint Server 2010 or SharePoint Foundation 2010 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle malicious JavaScript elements contained within a specially crafted URL. Successful exploi ... oval:org.secpod.oval:def:6371 The host is installed with Microsoft SharePoint Server 2010 or SharePoint Foundation 2010 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle malicious JavaScript elements contained within a specially crafted URL. Successful expl ... oval:org.secpod.oval:def:2264 The host is installed with Microsoft Office SharePoint Server 2007 Service Pack 2 or Microsoft Office SharePoint Server 2010 or SP1 or Microsoft Windows SharePoint Services 3.0 Service Pack 2 or SharePoint Foundation 2010 or SP1 and is prone to information disclosure vulnerability. A flaw is presen ... oval:org.secpod.oval:def:2271 The host is missing an Important security update according to Microsoft security bulletin, MS11-074. The update is required to fix cross-site-scripting and information disclosure vulnerabilities. A flaw is present in the applications, which fails to properly validate inputs. Successful exploitation ... oval:org.secpod.oval:def:1201 The host is installed with Microsoft Internet Explorer and is prone information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive information. oval:org.secpod.oval:def:71043 The host is missing an important security update for KB4504709 oval:org.secpod.oval:def:70930 Microsoft SharePoint Denial of Service Update oval:org.secpod.oval:def:69073 The host is missing an important security update for KB4493223 oval:org.secpod.oval:def:69008 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:69009 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:69014 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:68163 Microsoft SharePoint Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:68281 The host is missing an important security update for KB4493187 oval:org.secpod.oval:def:68171 Microsoft SharePoint Server Tampering Vulnerability oval:org.secpod.oval:def:67679 Microsoft SharePoint Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67681 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:67680 Microsoft SharePoint Spoofing Vulnerability oval:org.secpod.oval:def:67683 Microsoft SharePoint Information Disclosure Vulnerability oval:org.secpod.oval:def:67684 Microsoft SharePoint Remote Code Execution Vulnerability oval:org.secpod.oval:def:67738 The host is missing a moderate severity security update for KB4493149 oval:org.secpod.oval:def:66909 The host is installed with Microsoft SharePoint products and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow a remote attacker to execute arbitrary code. oval:org.secpod.oval:def:66969 The host is missing an important security update for KB4486744 oval:org.secpod.oval:def:66905 The host is installed with Microsoft SharePoint products and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow an attacker to disclosure sensitive information. oval:org.secpod.oval:def:66146 The host is missing an important security update for KB4486708 oval:org.secpod.oval:def:66049 An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:66042 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:66044 An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:66039 An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of th ... oval:org.secpod.oval:def:66038 An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of th ... oval:org.secpod.oval:def:65552 The host is missing an important security update for KB4486667 oval:org.secpod.oval:def:65386 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65380 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65381 A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context ... oval:org.secpod.oval:def:65382 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65379 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65377 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:65368 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint se ... oval:org.secpod.oval:def:65369 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64967 The host is missing an important security update for KB4484462 oval:org.secpod.oval:def:64917 A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacke ... oval:org.secpod.oval:def:64985 The host is missing an important security update for KB4484498 oval:org.secpod.oval:def:64925 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint s ... oval:org.secpod.oval:def:57244 An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges. ... oval:org.secpod.oval:def:15688 The host is installed with Microsoft Windows SharePoint Services 2.0, 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013 and is prone to remote code execution vulnerability. A ... oval:org.secpod.oval:def:57956 The host is missing an important security update for KB4475575 oval:org.secpod.oval:def:57864 An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted ap ... |