Description of the security update for Microsoft Exchange Server Subscription Edition RTM: December 9, 2025 (KB5071876)

Description of the security update for Microsoft Exchange Server Subscription Edition RTM: December 9, 2025 KB5071876 Original article content This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common...

Description of the security update for Microsoft Exchange Server 2019 CU14: December 9, 2025 (KB5071874)

Description of the security update for Microsoft Exchange Server 2019 CU14: December 9, 2025 KB5071874 Original article content This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...

EUVD-2015-1760

Malware in sbrugna...

EUVD-2014-6203

Malware in sbrugna...

EUVD-2019-9831

Malware in sbrugna...

EUVD-2015-1762

Malware in sbrugna...

EUVD-2015-1759

Malware in sbrugna...

EUVD-2014-6220

Malware in sbrugna...

EUVD-2015-1758

Malware in sbrugna...

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'...

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA / Client Access Server CAS IIS HTTP Internal IP Disclosure', 'Description' = %q This module tests vulnerable IIS HTTP header...

Outlook Web App (OWA) Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...

The vulnerability of the Microsoft Exchange Server, related to errors in processing input data in the OWA interface, allows a perpetrator to perform an SSRF attack.

The vulnerability of Microsoft Exchange Server is related to errors in processing input data in the OWA interface. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855-Scanner Scanner and PoC for CVE-2021-26855 Cr...

PT-2020-4383 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to an information disclosure vulnerability in how Microsoft Exchange validates tokens when handling certain messages. This could allow a remote attack...

The vulnerability of the Outlook Web App (OWA) component of the Microsoft Exchange Server mail server allows attackers to perform cross-site scripting attacks.

The vulnerability of the Outlook Web App OWA component of the Microsoft Exchange Server email server is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'...

CVE-2019-1266

CVE-2019-1266 is a spoofing vulnerability in Microsoft Exchange Server where Outlook Web App (OWA) mishandles web requests. The primary impact described in sources is spoofing content and potential user deception; no explicit exploit details are provided in the documents beyond this. Affected pro...

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'...

Microsoft Exchange Spoofing Vulnerability

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...