15 matches found
Microsoft Exchange OWA 长用户名拒绝服务漏洞
微软Exchange OWAOutlook Web Access组件存在一个拒绝服务漏洞。当使用很多"%"作 为用户名和口令登录时,OWA会返回HTTP 500 - Internal server error信息。用户将不 能通过IE进行登录。据报告说WWW发布服务和IIS管理服务会停止响应。 Microsoft Exchange Server 5.5 SP4 Microsoft Exchange Server 5.5 SP3 Microsoft Exchange Server 5.5 SP2 Microsoft Exchange Server 5.5 SP1 Microsoft...
Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)
The remote host is running a version of the Outlook Web Access which contains cross site scripting flaws. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to...
CVE-2005-0563
Cross-site scripting XSS vulnerability in Microsoft Outlook Web Access OWA component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...
CVE-2005-0563
Cross-site scripting XSS vulnerability in Microsoft Outlook Web Access OWA component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...
CVE-2005-0563
Microsoft Outlook Web Access (OWA) for Exchange Server 5.5 contains a cross-site scripting (XSS) vulnerability in the HTML encoding used in Compose New Message, allowing an attacker to cause script execution in the user’s context via a specially crafted email (encoded javascript: URL in an IMG ta...
CVE-2004-0203
CVE-2004-0203 affects Outlook Web Access (OWA) for Exchange Server 5.5 SP4. The vulnerability is a cross-site scripting flaw in the HTML redirect query validation, allowing an attacker to persuade a user to click a crafted URL and execute arbitrary script in the victim’s browser, potentially spoo...
CVE-2003-0712
The CVE-2003-0712 issue is an XSS vulnerability in Microsoft Exchange Server 5.5 Outlook Web Access (OWA). The root cause is improper HTML encoding in the Compose New Message form, which could allow an attacker to craft a link or email that, when clicked by a user, executes script in the user’s b...
Microsoft Security Bulletin MS03-047
Microsoft Security Bulletin MS03-047 Print Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack 828489 Issued: October 15, 2003 Version Number: 1.0 Summary Who Should Read This Document: System administrators who have servers running Microsoft® Exchange...
CVE-2002-0054
SMTP service in 1 Microsoft Windows 2000 and 2 Internet Mail Connector IMC in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials...
EUVD-2002-0054
SMTP service in 1 Microsoft Windows 2000 and 2 Internet Mail Connector IMC in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials...
CVE-2002-0054
CVE-2002-0054 affects the SMTP service in Windows 2000 and the Internet Mail Connector (IMC) in Exchange Server 5.5. The issue stems from improper handling of NTLM authentication responses, enabling remote attackers to relay mail via SMTP AUTH using a null session. Public references describe this...
CVE-2002-0698
The CVE-2002-0698 entry describes a buffer overflow in Internet Mail Connector (IMC) of Microsoft Exchange Server 5.5 triggered by an EHLO response to a long hostname. OpenVAS/Nessus entries confirm an unchecked buffer in IMC’s EHLO handling that could allow code execution in the IMC service cont...
CVE-2002-0054
SMTP service in 1 Microsoft Windows 2000 and 2 Internet Mail Connector IMC in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials...
CVE-2000-1006
CVE-2000-1006 affects Microsoft Exchange Server 5.5 and relates to vulnerable MIME header handling when a blank charset is specified (charset=""). The issue allows a remote attacker to cause a denial-of-service condition by sending malformed MIME headers. The vulnerability is associated with Exch...
Microsoft refuses to fix a security bug in Windows 2000
Microsoft refuses to fix a security bug in Windows 2000 Eugene Kalinin Medical Informatics Laboratory Moscow, Russia Aug 16, 2000 Yesterday Microsoft refused to fix a security problem in Windows 2000 RPC service. The bug in RPC service allows an attacker to put a Windows 2000 server out of servic...