Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: MS SharePoint bug exposes credentials, sensitive data.

30 Apr 2010   #1

Win 7 Ultimate 64-bit. SP1.
MS SharePoint bug exposes credentials, sensitive data.

Microsoft says it's investigating a security flaw in older versions of its SharePoint Server product that an independent researcher says can easily expose sensitive data and user authentication credentials.

The XSS, or cross-site scripting, vulnerability has been confirmed in SharePoint Server 2007 and is likely also present in earlier versions of the content management system software, an advisory from High-Tech Bridge warned. It allows adversaries to inject malicious javascript into the application by appending commands to the address of the targeted system.

"The vulnerability exists due to failure in the '/_layouts/help.aspx' script to properly sanitize user-supplied input in 'cid0' variable," the advisory states. "Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data."
Source -
Microsoft SharePoint bug exposes credentials, sensitive data ? The Register

My System SpecsSystem Spec


 MS SharePoint bug exposes credentials, sensitive data.

Thread Tools

Similar help and support threads
Thread Forum
Garage Series: Bringing Data Loss Prevention to SharePoint
Hack of exposes password data, messages for 158,000 users
Source A Guy
Security News
Target data breach exposes serious threat of POS malware and botnets
Source A Guy
Security News
Flash drives dangerously hard to purge of sensitive data
Protecting Sensitive Data with AD RMS.
Source - Protecting Sensitive Data with AD RMS - Via Windows Server 2008 and Windows Server 2008 R2 - Softpedia
Chillout Room
Kaspersky breach exposes sensitive database, hacker claims
A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:27.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App