3.5
CVSSv2

CVE-2017-8514

Published: 15/06/2017 Updated: 14/03/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 314
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".

Github Repositories

Contents Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Clickjacking (UI Redressing Attack) Local File Inclusion (LFI) Subdomain Takeover Denial of Service (DOS) Authentication Bypass SQL injection 2FA Related issues CORS Related issues Server Side Request Forgery (SSRF) Race Condition Remote Code Execution (RCE) Contributing Maintainers Cross Site Scripting (XS

A curated list of bugbounty writeups (Bug type wise), inspired from https://github.com/ngalongc/bug-bounty-reference

Contents Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Clickjacking (UI Redressing Attack) Local File Inclusion (LFI) Subdomain Takeover Denial of Service (DOS) Authentication Bypass SQL injection 2FA Related issues CORS Related issues Server Side Request Forgery (SSRF) Race Condition Remote Code Execution (RCE) Contributing Cross Site Scripting (XSS) From P5

Contents Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Clickjacking (UI Redressing Attack) Local File Inclusion (LFI) Subdomain Takeover Denial of Service (DOS) Authentication Bypass SQL injection Insecure Direct Object Reference (IDOR) 2FA Related issues CORS Related issues Server Side Request Forgery (SSRF) Race Condition Remote Code Execution (RCE) Contributi

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Microsoft's June Patch Tuesday Fixes Two Vulnerabilities Used in Live Attacks
BleepingComputer • Catalin Cimpanu • 01 Jan 1970

Microsoft published today the June 2017 Patch Tuesday, which patches over 90 security flaws, including two vulnerabilities used in live attacks.
The first of these vulnerabilities is tracked as CVE-2017-8543. Microsoft describes the issue as follows:
Patches for this flaw are available for all of Microsoft's operating systems, including old versions, such as XP and Server 2003.
The second vulnerability detected in live attacks is tracked as CVE-2017-8464 and Microsoft describ...