Lucene search

K
MicrosoftExchange Server

216 matches found

CVE
CVE
added 2002/06/25 4:0 a.m.45 views

CVE-2001-0726

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

7.5CVSS7AI score0.09905EPSS
CVE
CVE
added 2010/05/27 7:30 p.m.45 views

CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) a...

4.3CVSS5.7AI score0.04459EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.44 views

CVE-2001-0340

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

7.5CVSS6.6AI score0.07385EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.44 views

CVE-2003-0712

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

4.3CVSS6.1AI score0.18968EPSS
CVE
CVE
added 2015/03/11 10:59 a.m.44 views

CVE-2015-1630

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.43 views

CVE-2002-1873

Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.

5CVSS7.1AI score0.18648EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.43 views

CVE-2014-6336

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vu...

3.5CVSS6.6AI score0.03795EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.42 views

CVE-1999-1322

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

4.6CVSS7.4AI score0.00812EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.42 views

CVE-2014-6325

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.

4.3CVSS5AI score0.0513EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.41 views

CVE-2002-1876

Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.

2.1CVSS6.5AI score0.00845EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.41 views

CVE-2004-0203

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

4.3CVSS5.7AI score0.25669EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.40 views

CVE-1999-0993

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

7.5CVSS6.8AI score0.0867EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.40 views

CVE-2001-0666

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.

2.1CVSS6.6AI score0.00297EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.38 views

CVE-2001-1319

Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.

5CVSS6.6AI score0.10938EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.33 views

CVE-1999-0385

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

10CVSS8.2AI score0.08997EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.31 views

CVE-1999-1043

Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).

5CVSS7AI score0.06486EPSS
Total number of security vulnerabilities216