2899 matches found
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...
Microsoft Exchange - Authentication Bypass
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability enables an attacker to bypass authentication and gain access to the Exchange Server's internal. id: CVE-2021-33766 info: name: Microsoft Exchange - Authentication Bypass author: daffainfo severity: high description...
Security Updates for Microsoft Exchange Server (June 2026)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the June, 2026 security bulletin. - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft...
CVE-2026-45502
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45501
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45500
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-47631
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45503
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
CVE-2026-45583
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
CVE-2026-45504
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
EUVD-2026-35506
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-35681
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
EUVD-2026-35680
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
EUVD-2026-35679
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
EUVD-2026-35678
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
EUVD-2026-35676
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-35677
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...