Lucene search

K
MicrosoftExchange Server

216 matches found

CVE
CVE
added 2002/06/25 4:0 a.m.61 views

CVE-2002-0055

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

5CVSS6.7AI score0.48421EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.19725EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.61 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of i...

5CVSS6.7AI score0.54363EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.61 views

CVE-2018-8152

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00997EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.60 views

CVE-2005-0044

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

7.5CVSS7.4AI score0.37835EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.60 views

CVE-2013-0418

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information...

6.8CVSS5.9AI score0.25098EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.59 views

CVE-2001-0660

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).

5CVSS6.4AI score0.1955EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.59 views

CVE-2005-0420

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

5.8CVSS6.7AI score0.7589EPSS
CVE
CVE
added 2017/09/13 1:29 a.m.59 views

CVE-2017-11761

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

5.3CVSS5.3AI score0.07988EPSS
CVE
CVE
added 2017/07/11 9:29 p.m.58 views

CVE-2017-8559

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability...

6.1CVSS5.9AI score0.0079EPSS
CVE
CVE
added 2018/09/21 4:29 p.m.58 views

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

8.6CVSS8.4AI score0.0034EPSS
CVE
CVE
added 2018/08/15 5:29 p.m.58 views

CVE-2018-8374

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS6.5AI score0.00841EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.57 views

CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

7.5CVSS6.8AI score0.08243EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.57 views

CVE-2005-0560

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.

7.5CVSS7.8AI score0.72398EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.57 views

CVE-2006-1193

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

2.6CVSS5.5AI score0.62669EPSS
CVE
CVE
added 2008/07/08 11:41 p.m.57 views

CVE-2008-2247

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

4.3CVSS6.2AI score0.25123EPSS
CVE
CVE
added 2009/02/10 10:30 p.m.57 views

CVE-2009-0099

The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Proc...

5CVSS6.4AI score0.71059EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.57 views

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

6.1CVSS6.2AI score0.0716EPSS
CVE
CVE
added 2015/03/11 10:59 a.m.56 views

CVE-2015-1631

Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."

5CVSS6.8AI score0.08599EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.56 views

CVE-2018-8153

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00611EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.55 views

CVE-2002-0698

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

7.5CVSS7.8AI score0.17116EPSS
CVE
CVE
added 2006/05/10 2:10 a.m.54 views

CVE-2006-0027

Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.

7.5CVSS7.4AI score0.87053EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.54 views

CVE-2014-6319

Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability....

5CVSS6.7AI score0.05143EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.54 views

CVE-2015-2505

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."

5CVSS5.8AI score0.1646EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.53 views

CVE-2002-0368

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

5CVSS6.5AI score0.2068EPSS
CVE
CVE
added 2010/05/07 6:30 p.m.53 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVE
added 2015/03/11 10:59 a.m.53 views

CVE-2015-1628

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cro...

4.3CVSS5.4AI score0.06935EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.53 views

CVE-2015-2543

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS
CVE
CVE
added 2017/05/26 8:29 p.m.53 views

CVE-2017-8535

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Excha...

5.5CVSS5.1AI score0.1918EPSS
CVE
CVE
added 2017/05/26 8:29 p.m.53 views

CVE-2017-8536

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Excha...

5.5CVSS5.1AI score0.1918EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.52 views

CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Servic...

6CVSS6.7AI score0.21894EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.52 views

CVE-2014-6326

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.

4.3CVSS5AI score0.0513EPSS
CVE
CVE
added 2015/03/11 10:59 a.m.51 views

CVE-2015-1632

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Sc...

4.3CVSS5.5AI score0.06643EPSS
CVE
CVE
added 2001/09/20 4:0 a.m.50 views

CVE-2001-0509

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

5CVSS7.2AI score0.13062EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.50 views

CVE-2003-0714

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

7.5CVSS7AI score0.67793EPSS
CVE
CVE
added 2015/03/11 10:59 a.m.50 views

CVE-2015-1629

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.49 views

CVE-1999-0682

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

5CVSS6.9AI score0.18355EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.49 views

CVE-2000-0524

Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.

5CVSS7.1AI score0.1551EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.49 views

CVE-2002-0049

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

6.4CVSS6.6AI score0.12213EPSS
CVE
CVE
added 2007/05/08 11:19 p.m.49 views

CVE-2007-0039

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in whi...

7.8CVSS6.4AI score0.40928EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.48 views

CVE-2000-1139

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

7.5CVSS7AI score0.06256EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.47 views

CVE-1999-0284

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

7.5CVSS7.2AI score0.03442EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.47 views

CVE-1999-0945

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

5CVSS7.4AI score0.21304EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.47 views

CVE-2001-0543

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

5CVSS7AI score0.08566EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.47 views

CVE-2005-0738

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursi...

5CVSS6.8AI score0.09828EPSS
CVE
CVE
added 2005/10/13 10:2 a.m.47 views

CVE-2005-1987

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

7.5CVSS7.7AI score0.63956EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.46 views

CVE-2000-1006

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

5CVSS6.6AI score0.09991EPSS
CVE
CVE
added 2002/08/12 4:0 a.m.46 views

CVE-2002-0507

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

2.1CVSS7.1AI score0.01336EPSS
CVE
CVE
added 2007/05/08 11:19 p.m.46 views

CVE-2007-0220

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving a...

6.8CVSS6AI score0.46708EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.46 views

CVE-2015-2544

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS
Total number of security vulnerabilities216