The OVAL Repository5.32015-09-03T06:24:39.222-04:00Exchange Cross-Site Request Forgery vulnerability - CVE-2015-1771 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange HTML injection vulnerability - CVE-2015-2359 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2007Microsoft Office SharePoint Server 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOWA modified canary parameter cross site scripting vulnerability - CVE-2015-1628 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchangeDLP cross site scripting vulnerability - CVE-2015-1629 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDExchange Server-Side Request Forgery vulnerability - CVE-2015-1764 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 8 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 8 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAudit report cross site scripting vulnerability - CVE-2015-1630 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint XSS vulnerability – CVE-2015-1653 (MS15-036)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8.1Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOutlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDExchange URL redirection vulnerability (CVE-2014-6336) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6326) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange forged meeting request spoofing vulnerability - CVE-2015-1631 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6325) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 CU 6 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 CU 6 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange error message cross site scripting vulnerability - CVE-2015-1632 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 7 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 7 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1633 (MS15-022)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDSharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4068) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4071) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Lync Server 2010Microsoft Lync Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Lync Server 2013Microsoft Lync Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability allows remote attackers to bypass Protected ModeMicrosoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAllows remote attackers to spoof web sites via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9A version of Microsoft Internet Explorer 9 is installed.Shane ShafferDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code executing via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 8 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 8A version of Microsoft Internet Explorer 8 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMMaria MikhnoACCEPTEDACCEPTEDService Bus Denial of Service Vulnerability - CVE-2014-2814 (MS14-042)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Service Bus 1.1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWeb Applications Page Content Vulnerability (CVE-2014-1813) - MS14-022Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Office Web Apps 2010Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2013 Client Components SDKCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 Client Components SDK is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2013 Client Components SDKMicrosoft SharePoint Server 2013 Client Components SDK is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 SP1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 SP1 is installedSecPod TeamDRAFTMaria MikhnoINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5763) - MS13-105Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSignalR XSS Vulnerability (CVE-2013-5042) - MS13-103Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Visual Studio Team Foundation ServerCross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Windows Server 2012Microsoft Visual Studio Team Foundation ServerMicrosoft Visual Studio Team Foundation Server 2013 is installedSecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerabilities (CVE-2013-5059) - MS13-100Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS Vulnerability (CVE-2013-5072) - MS13-105Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5791) - MS13-105Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 3 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 3 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 Service Pack 2 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3849) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3847) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWord memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3857) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 2 is installedSecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP2 is installedSecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft SharePoint (CVE-2013-3858) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web AppsMicrosoft SharePoint Server 2010Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3848) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-2393 (MS13-061)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTPooja ShettyINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3776 (MS13-061)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781.SecPod TeamDRAFTPooja ShettyINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3781 (MS13-061)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.SecPod TeamDRAFTPooja ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 2 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 2 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP3 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP3 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0.
Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate VeridataMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Oracle GoldenGate DirectorOracle GoldenGate VeridataApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDCallback Function Vulnerability - MS13-024Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Directory Traversal Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDBuffer Overflow Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012Microsoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSystem Center Operations Manager Web Console XSS Vulnerability-II - MS13-003Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 R2Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Windows Essentials Could Allow Information Disclosure - MS13-045Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2011Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2012 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2012 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2011 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2011Microsoft Windows Essentials 2011 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012Microsoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP2 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP2 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRSS Feed May Cause Exchange DoS Vulnerability - MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDReflected XSS Vulnerability - MS12-062Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R3Microsoft Systems Management Server 2003Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 R2 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R2 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 R3 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007 R3Microsoft System Center Configuration Manager 2007 R3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 SP2 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 SP2 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Systems Management Server 2003 SP3 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Systems Management Server 2003Microsoft Systems Management Server 2003 SP3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Systems Management Server 2003 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Systems Management Server 2003Microsoft Systems Management Server 2003 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDXSS Vulnerability - MS12-061Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Microsoft Visual Studio Team Foundation Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSystem Center Operations Manager Web Console XSS Vulnerability-I - MS13-003Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 R2Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 SP1 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 R2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007 R2Microsoft System Center Operations Manager 2007 R2 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in SharePoint could allow information disclosure - MS13-030Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IVMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability (CVE-2012-0159)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendeeMicrosoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IXMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDXSS scriptresx.ashx Vulnerability - MS12-050Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDSharePoint Script in Username Vulnerability - MS12-050Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability (CVE-2011-3402)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendeeUnspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDLync Insecure Library Loading Vulnerability (CVE-2012-1849)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendantMicrosoft Lync 2010 AttendeeUntrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendee (user level install) is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendeeMicrosoft Lync 2010 Attendee (user level install) is installed.SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendant is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendantMicrosoft Lync 2010 Attendant is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendee (admin level install) is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendeeMicrosoft Lync 2010 Attendee (admin level install) is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft FAST Search Server 2010 for SharePoint is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointMicrosoft FAST Search Server 2010 for SharePoint is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 SP3 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2007 SP3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP1 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP2 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP2 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDXSS in wizardlist.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDXSS in inplview.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDXSS in themeweb.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAntiXSS Library Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Anti-Cross Site Scripting Library V3.xMicrosoft Anti-Cross Site Scripting Library V4.0The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDContact Details Reflected XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDXSS in SharePoint Calendar VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDEditform Script Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2010 is installed.Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2010Microsoft Office SharePoint Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Office\\12\.0\\Registration\\\{90120000-110D-0000-[01]000-0000000FF1CE\}$ProductNameMicrosoft.SharePoint.Portal.dllMicrosoft.Office.Server.Search.dllmsoserverintl.dllwwintl.dllvutils.dllMsoserver.Dllmicrosoft.office.infopath.server.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Office Server\15.0BinPathxlsrv.dllstswel.dllDeploy.resources.dllMicrosoft.Rtc.Acd.Workflow.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{.*\}$DisplayNamewrtces.dllSIPStack.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionmshtml.dllMicrosoft.ServiceBus.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Service Bus\1.1INSTALLDIRSWORD.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SharePoint Client Components\15.0LocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-101F-0401-1000-0000000FF1CE\}_Office15\.WacServer\-\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-1014-0000-1000-0000000FF1CE}_Office15\.OSERVER\{[\w\-]+\}$DisplayNameMicrosoft.Office.Server.Msg.dllwsetupui.dllWsssetup.dllHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxInstallDirMicrosoft.AspNet.SignalR.Core.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\12.0InstallPathMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.WacServerInstallLocationascalc.dllascalc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-1014-0000-1000-0000000FF1CE}DisplayNameOnetutil.dllMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationxlsrv.dllOnfda.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-1141\-0407\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-112D\-0000\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationWdsrvWorker.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange v15DisplayNameExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v15\SetupMsiInstallPathHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[\d]*-[\d]*-[\d]*-[\d]*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle GoldenGate Veridata 3.0.0.11.0DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayNameWindowsLiveWriter.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteInstallLocationvseshr.dllExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006CCC4E-4FEB-4ED1-8587-037656905DC8}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CF55004-EEC4-406F-AF05-2291F1395388}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ConfigMgr\SetupFull UI VersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SMS .*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupFull Versionreportinginstall.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupInstallation DirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\10.0InstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Microsoft Team Foundation Server 2010 - ENU\SP1\KB2182621Microsoft.TeamFoundation.WebAccess.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootHKEY_LOCAL_MACHINESoftware\Microsoft\Microsoft Operations Manager\3.0\SetupServerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft Operations Manager\3.0\SetupProductAuditingMessages.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Microsoft Operations Manager\3.0\SetupInstallDirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERDisplayNameMicrosoft.office.server.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-1014-0000-1000-0000000FF1CE}_Office14\.WSS_\{[\w\-]+}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayVersionMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERInstallLocationOnfda.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\CommunicatorAttendantconsole.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AttendantConsole.exepathCommunicator.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\CommunicatorInstallationDirectoryogl.dllHKEY_USERS^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\AttendeeCommunicator\.exe$pathogl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AttendeeCommunicator.exepathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FAST Search Server\SetupVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMinorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMinorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMajortranscodingservice.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathMicrosoft.sharepoint.search.extended.administration.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FAST Search Server\SetupPathtranscodingservice.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*$DisplayNameOnetutil.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90120000-1014-0000-[01]000-0000000FF1CE\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameEawfap.dllMicrosoft.office.policy.dllOWSSVR.DLLMicrosoft.SharePoint.Taxonomy.dllMicrosoft.SharePoint.Client.dllMicrosoft.office.server.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirMicrosoft Office SharePoint Server 200715.0.4719.100214.0.7149.500012.0.6721.5000Microsoft Exchange Server 2013 Cumulative Update 815.0.847.4115.0.1076.01115.0.4711.1000014.03.0224.0018.03.0389.002Microsoft Exchange Server 2013 Cumulative Update 615.00.0847.03515.00.0995.034Microsoft Exchange Server 2013 Cumulative Update 715.0.847.3815.0.1044.2915.0.4697.100015.0.4631.100014.0.7145.500015.0.4699.100015.0.4701.100014.0.7137.50005.0.8308.4204.0.7577.276^Microsoft Lync Server 2010.*$^Microsoft Lync Server 2013.*$4.0.7577.2305.0.8308.803^9\.0\..*$15.0.4641.1000^8\..*$8.0.7600.167228.0.7600.208618.0.7600.200002.1.40512.214.0.7123.50004.1.304.3.84.2.22^Service Pack 1 for Microsoft Office Web Apps Server .*$^Service Pack 1 for Microsoft SharePoint Server 2013 .*$15.0.4514.100015.0.4561.100015.0.4609.100015.0.4615.10004.2.204.3.64.2.204.3.44.2.184.1.284.2.03.2.04.1.04.0.04.3.24.3.03.2.184.0.201.1.21022.014.0.7011.100015.0.4545.100015.0.4551.1007Microsoft Exchange Server 2013 Cumulative Update 315.0.775.4115.0.712.318.3.342.414.3.174.114.2.390.3^Microsoft SharePoint Foundation 2013 .*$^Service Pack 2 for Microsoft SharePoint Foundation 2010 .*$14.0.7105.500014.0.7005.100014.0.7104.500015.0.4535.1000^Service Pack 2 for Microsoft Office Web Apps.*$14.0.7015.1000^Microsoft.* Office Web Apps$Microsoft Office Web Apps Service Pack 1 (SP1)14.0.7106.500014.0.6112.5000Microsoft Exchange Server 2013 Cumulative Update 1^Microsoft Exchange Server 2013.*$Microsoft Exchange Server 2013 Cumulative Update 215.0.620.3415.0.712.2814.2.375.08.3.327.114.3.158.1^Oracle GoldenGate Director Server 11.1.1.1.0[_\d]*$14.0.6134.5000^16\..*$^15\..*$Windows Live Essentials16.4.3508.2058.3.298.314.2.342.28.3.7.20714.1.438.014.2.328.108.3.297.2Microsoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R3^Microsoft System Center Configuration Manager 2007.*$4.00.6487.2000^.*Microsoft Systems Management Server 2003.*$2.50.4253.30004.0.6487.221610.0.40219.417System Center Operations Manager 20076.0.6278.0System Center Operations Manager 2007 R26.0.6278.06.1.7221.110Microsoft SharePoint Server 201315.0.4481.1507Microsoft SharePoint Foundation 2010 Service Pack 1 (SP1)14.0.6029.100014.0.6108.500014.0.6106.5000Microsoft Lync 20104.0.7577.409814.083121414.1.421.28.3.279.414.0.334.1114.2.318.414.0.6113.500014.0.6114.5001^Microsoft AntiXSS v(3\.\d|4\.0).*$12.0.6565.5001^Microsoft Windows SharePoint Services 3\.0.*$Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 201014.0.6106.500114.0.6106.500114.0.6106.500814.0.6106.500114.0.6106.500114.0.6106.5001\15.0\WebServices\ConversionServices\1033\15.0\WebServices\ConversionServices\15.0\WebServices\Shared\VisioGraphicsServer\Bin\14.0\WebServices\WordServer\Core\Deployment\de-DE\Application Host\Applications\Response Group\Server\Core\System32\14.0\WebServices\ConversionService\Bin\Converter\Microsoft Shared\SERVER15\Server Setup Controller\WSS.en-us\Microsoft Shared\SERVER15\Server Setup ControllerApplication Tier\Web Services\bin\PPTConversionService\bin\Converter\15.0\bin\15.0\WebServices\ConversionService\Bin\Converter\15.0\bin\Microsoft Shared\web server extensions\15\BIN\14.0\WebServices\ConversionService\Bin\Converter\14.0\WebServices\WordServer\Core\BinWriter\Bin\Bin\bin\i386^\\assembly\\GAC_MSIL\\Microsoft\.TeamFoundation\.WebAccess\\10\.0\.0\.0__\w+$\Microsoft Shared\web server extensions\15\ISAPI\14.0\bin\Microsoft Shared\web server extensions\14\BINClientAccess\Owa\Bin\DocumentViewingbinClientAccess\Owa\Bin\DocumentViewing\Microsoft Shared\web server extensions\12\BIN\Microsoft Shared\Web Server Extensions\14\ISAPI