23 matches found
KLA12342 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...
KLA11420 Multiple vulnerabilities in Microsoft Exchange Server
Multiple elevation of privilege vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2019-0724 CVE-2019-0686 ADV190004 Related products Microsoft-Exchange-Server CVE list CVE-2019-0724 critical...
KLA11335 Multiple vulnerabilities in Microsoft Exchange Server
Multiple serious vulnerabilities were found in Microsoft Exchange. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Exchange can be exploited remotely vi...
CVE-2017-11940
CVE-2017-11940 / CVE-2017-11937 describe a remote code execution vulnerability in the Microsoft Malware Protection Engine (MMPE) used by Windows Defender/Endpoint Protection, Forefront, and related products. The issue stems from MMPE not properly scanning specially crafted files, which can lead t...
Remote code execution
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...
CVE-2017-8537
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...
CVE-2017-8541
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...
CVE-2017-8535
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...
CVE-2017-8540
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...
KLA10826 OSI vulnerability in Microsoft Server Software
An information disclosure vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2016-0028 ADV160012 Related products Microsoft-Exchange-Server CVE list CVE-2016-0028 high KB list 3151086 315050...
Information disclosure
Outlook Web Access OWA in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."...
CVE-2015-2543
CVE-2015-2543 is an XSS vulnerability in Outlook Web Access (OWA) of Microsoft Exchange Server 2013 Cumulative Update 8 and 9. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted e‑mail message. Affected product details are Exchange Server 2013 CU8/CU9 (OWA); ro...
CVE-2015-2505
The CVE-2015-2505 issue affects Microsoft Exchange Server (Outlook Web Access) 2013 CU8/CU9 and SP1. Root cause: OWA does not properly handle certain web requests, allowing a remote attacker to view potentially sensitive stack trace information. Impact: information disclosure via remote access. E...
Microsoft Exchange Server CVE-2015-2505 Information Disclosure Vulnerability
Description Microsoft Exchange Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Exchange Server 2013 Cumulative Update 8 Microsoft Exchange Server...
CVE-2015-2359
Cross-site scripting XSS vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."...
CVE-2015-1771
Cross-site request forgery CSRF vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."...
Cross site scripting
Cross-site scripting XSS vulnerability in Outlook Web App OWA in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross...
CVE-2015-1630
CVE-2015-1630 is an XSS vulnerability in Outlook Web App (OWA) for Microsoft Exchange Server 2013 SP1 and Cumulative Update 7. The issue arises in processing of user-supplied URLs in OWA (Audit Report Cross Site Scripting). Attacks can inject arbitrary script/HTML via a crafted URL, impacting web...
CVE-2015-1628
CVE-2015-1628 is an XSS vulnerability in Outlook Web App (OWA) of Microsoft Exchange Server 2013 SP1 with CU7. A crafted X-OWA-Canary cookie enables a remote attacker to inject arbitrary web script/HTML via an AD.RecipientType.User action. Affected product: Microsoft Exchange Server 2013 SP1/CU7;...
CVE-2014-6325
Cross-site scripting XSS vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326...