Search Results | AttackerKB

281 Total Results

Displaying 1-10 of 281

Attacker Value

Very High

CVE-2023-21716

Disclosure Date: February 14, 2023 (last updated May 29, 2024)

Microsoft Word Remote Code Execution Vulnerability

Attacker Value

Very High

CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities

Disclosure Date: October 16, 2020 (last updated January 01, 2024)

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

High

CVE-2020-1147

Disclosure Date: July 14, 2020 (last updated February 21, 2025)

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Attack Vector: Local Privileges: None User Interaction: Required

Attacker Value

Very High

CVE-2019-0604

Disclosure Date: March 05, 2019 (last updated November 27, 2024)

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Attack Vector: Network Privileges: None User Interaction: None