Lucene search

K
MicrosoftExchange Server5.5

20 matches found

CVE
CVE
added 2006/01/10 10:3 p.m.115 views

CVE-2006-0002

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to messa...

7.5CVSS7.3AI score0.56178EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.81 views

CVE-2005-0563

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

4.3CVSS5.5AI score0.22959EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.78 views

CVE-1999-0007

Information from SSL-encrypted sessions via PKCS #1.

5CVSS7.4AI score0.05124EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.19725EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.57 views

CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

7.5CVSS6.8AI score0.08243EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.55 views

CVE-2002-0698

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

7.5CVSS7.8AI score0.17116EPSS
CVE
CVE
added 2001/09/20 4:0 a.m.50 views

CVE-2001-0509

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

5CVSS7.2AI score0.13062EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.50 views

CVE-2003-0714

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

7.5CVSS7AI score0.67793EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.49 views

CVE-1999-0682

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

5CVSS6.9AI score0.18355EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.47 views

CVE-1999-0945

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

5CVSS7.4AI score0.21304EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.46 views

CVE-2000-1006

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

5CVSS6.6AI score0.09991EPSS
CVE
CVE
added 2002/08/12 4:0 a.m.46 views

CVE-2002-0507

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

2.1CVSS7.1AI score0.01336EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.45 views

CVE-2001-0726

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

7.5CVSS7AI score0.09905EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.44 views

CVE-2001-0340

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

7.5CVSS6.6AI score0.07385EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.44 views

CVE-2003-0712

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

4.3CVSS6.1AI score0.18968EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.41 views

CVE-2004-0203

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

4.3CVSS5.7AI score0.25669EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.40 views

CVE-1999-0993

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

7.5CVSS6.8AI score0.0867EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.38 views

CVE-2001-1319

Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.

5CVSS6.6AI score0.10938EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.33 views

CVE-1999-0385

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

10CVSS8.2AI score0.08997EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.31 views

CVE-1999-1043

Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).

5CVSS7AI score0.06486EPSS