Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft office system vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
NA
CVE-2024-26199
Microsoft Office Elevation of Privilege Vulnerability
1 Article
9.3
CVSSv2
CVE-2022-30190
<p>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker c...
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 2022 -
Microsoft Windows 11 -
Microsoft Windows 10 21h2
122 Github repositories
8 Articles
4.3
CVSSv2
CVE-2021-43409
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores a...
Wpo365 Wordpress \\+ Azure Ad \\/ Microsoft Office 365
6.8
CVSSv2
CVE-2021-40444
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p&...
Microsoft Windows Server 2008 R2
Microsoft Windows 10 1607
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows Server 2016 2004
Microsoft Windows 10 20h2
Microsoft Windows Server 2016 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 2022 -
Microsoft Windows 7 -
Microsoft Windows 8.1 -
59 Github repositories
8 Articles
5.5
CVSSv2
CVE-2021-38175
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the sys...
Sap Analysis For Microsoft Office 2.8
6.8
CVSSv2
CVE-2020-16929
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current use...
Microsoft Excel Web App 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Web Apps 2013
Microsoft Office Web Apps 2010
Microsoft Office 2013
Microsoft Sharepoint Server 2010
Microsoft Office 2010
Microsoft Excel 2010
Microsoft Office 2016
Microsoft Sharepoint Enterprise Server 2013
Microsoft Office 2019
Microsoft Office Online Server 1.0
Microsoft 365 Apps -
9.3
CVSSv2
CVE-2020-16947
<p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted...
Microsoft Outlook 2016
Microsoft Office 2019
Microsoft 365 Apps -
3 Github repositories
1 Article
6.8
CVSSv2
CVE-2020-16930
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current use...
Microsoft Office 2013
Microsoft Office 2016
Microsoft Office 2019
Microsoft 365 Apps -
6.8
CVSSv2
CVE-2020-16931
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current use...
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Web Apps 2013
Microsoft Excel 2010
Microsoft Office 2019
Microsoft Office Online Server 1.0
Microsoft 365 Apps -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »