Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicrosoftExchange Server

9 matches found

CVE
CVEadded 2005/06/14 4:0 a.m.81 views

CVE-2005-0563

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

4.3CVSS5.5AI score0.22959EPSS
CVE
CVEadded 2005/06/28 4:0 a.m.61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.19725EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.60 views

CVE-2005-0044

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

7.5CVSS7.4AI score0.37835EPSS
CVE
CVEadded 2005/04/27 4:0 a.m.59 views

CVE-2005-0420

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

5.8CVSS6.7AI score0.7589EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.57 views

CVE-2005-0560

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.

7.5CVSS7.8AI score0.72398EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.47 views

CVE-2005-0738

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursi...

5CVSS6.8AI score0.09828EPSS
CVE
CVEadded 2005/10/13 10:2 a.m.47 views

CVE-2005-1987

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

7.5CVSS7.7AI score0.63956EPSS
CVE
CVEadded 2005/06/28 4:0 a.m.43 views

CVE-2002-1873

Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.

5CVSS7.1AI score0.18648EPSS
CVE
CVEadded 2005/06/28 4:0 a.m.41 views

CVE-2002-1876

Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.

2.1CVSS6.5AI score0.00845EPSS