Lucene search
K

23 matches found

Kaspersky
Kaspersky
added 2021/11/09 12:0 a.m.113 views

KLA12342 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...

8.8CVSS8.6AI score0.93877EPSS
Exploits12References7
Kaspersky
Kaspersky
added 2019/02/12 12:0 a.m.162 views

KLA11420 Multiple vulnerabilities in Microsoft Exchange Server

Multiple elevation of privilege vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2019-0724 CVE-2019-0686 ADV190004 Related products Microsoft-Exchange-Server CVE list CVE-2019-0724 critical...

9.3CVSS8.2AI score0.23799EPSS
Exploits2References9
Kaspersky
Kaspersky
added 2018/10/09 12:0 a.m.606 views

KLA11335 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities were found in Microsoft Exchange. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Exchange can be exploited remotely vi...

9.3CVSS8.2AI score0.19629EPSS
Exploits1References7
CVE
CVE
added 2017/12/08 2:0 p.m.80 views

CVE-2017-11940

CVE-2017-11940 / CVE-2017-11937 describe a remote code execution vulnerability in the Microsoft Malware Protection Engine (MMPE) used by Windows Defender/Endpoint Protection, Forefront, and related products. The issue stems from MMPE not properly scanning specially crafted files, which can lead t...

9.3CVSS7.9AI score0.19759EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/12/07 5:29 p.m.28 views

Remote code execution

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

9.3CVSS7.9AI score0.28327EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/05/26 8:29 p.m.22 views

CVE-2017-8537

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

5.5CVSS5.2AI score0.16829EPSS
Exploits1References4
NVD
NVD
added 2017/05/26 8:29 p.m.20 views

CVE-2017-8541

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

9.3CVSS7.6AI score0.50281EPSS
Exploits1References4
Cvelist
Cvelist
added 2017/05/26 8:0 p.m.33 views

CVE-2017-8535

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

5.2AI score0.16829EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2017/05/26 12:0 a.m.26 views

CVE-2017-8540

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

9.3CVSS7.6AI score0.71961EPSS
In wildExploits4References6
Kaspersky
Kaspersky
added 2016/06/14 12:0 a.m.51 views

KLA10826 OSI vulnerability in Microsoft Server Software

An information disclosure vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2016-0028 ADV160012 Related products Microsoft-Exchange-Server CVE list CVE-2016-0028 high KB list 3151086 315050...

5.5CVSS5.8AI score0.22554EPSS
Exploits0References8
Prion
Prion
added 2015/09/09 12:59 a.m.16 views

Information disclosure

Outlook Web Access OWA in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."...

5CVSS6.3AI score0.18236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/09/09 12:0 a.m.68 views

CVE-2015-2543

CVE-2015-2543 is an XSS vulnerability in Outlook Web Access (OWA) of Microsoft Exchange Server 2013 Cumulative Update 8 and 9. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted e‑mail message. Affected product details are Exchange Server 2013 CU8/CU9 (OWA); ro...

4.3CVSS5.6AI score0.09483EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/09/09 12:0 a.m.73 views

CVE-2015-2505

The CVE-2015-2505 issue affects Microsoft Exchange Server (Outlook Web Access) 2013 CU8/CU9 and SP1. Root cause: OWA does not properly handle certain web requests, allowing a remote attacker to view potentially sensitive stack trace information. Impact: information disclosure via remote access. E...

5CVSS5.8AI score0.18236EPSS
Exploits0References2Affected Software1
Symantec
Symantec
added 2015/09/08 12:0 a.m.28 views

Microsoft Exchange Server CVE-2015-2505 Information Disclosure Vulnerability

Description Microsoft Exchange Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Exchange Server 2013 Cumulative Update 8 Microsoft Exchange Server...

5CVSS0.4AI score0.18236EPSS
Exploits0Affected Software1
NVD
NVD
added 2015/06/10 1:59 a.m.22 views

CVE-2015-2359

Cross-site scripting XSS vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."...

4.3CVSS5.8AI score0.11163EPSS
Exploits0References3
NVD
NVD
added 2015/06/10 1:59 a.m.25 views

CVE-2015-1771

Cross-site request forgery CSRF vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."...

6.8CVSS7.1AI score0.05795EPSS
Exploits0References3
Prion
Prion
added 2015/03/11 10:59 a.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in Outlook Web App OWA in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross...

4.3CVSS5.5AI score0.08876EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/03/11 10:0 a.m.56 views

CVE-2015-1630

CVE-2015-1630 is an XSS vulnerability in Outlook Web App (OWA) for Microsoft Exchange Server 2013 SP1 and Cumulative Update 7. The issue arises in processing of user-supplied URLs in OWA (Audit Report Cross Site Scripting). Attacks can inject arbitrary script/HTML via a crafted URL, impacting web...

4.3CVSS5.4AI score0.08876EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/03/11 10:0 a.m.69 views

CVE-2015-1628

CVE-2015-1628 is an XSS vulnerability in Outlook Web App (OWA) of Microsoft Exchange Server 2013 SP1 with CU7. A crafted X-OWA-Canary cookie enables a remote attacker to inject arbitrary web script/HTML via an AD.RecipientType.User action. Affected product: Microsoft Exchange Server 2013 SP1/CU7;...

4.3CVSS5.4AI score0.08876EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2014/12/11 12:59 a.m.28 views

CVE-2014-6325

Cross-site scripting XSS vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326...

4.3CVSS5AI score0.08722EPSS
Exploits0References1
Rows per page
Query Builder