Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5072 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability." | |||||
CVE-2013-0418 | 2 Microsoft, Oracle | 2 Exchange Server, Fusion Middleware | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. | |||||
CVE-2012-4791 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 3.5 LOW | N/A |
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." | |||||
CVE-2012-2284 | 2 Emc, Microsoft | 2 Networker Module For Microsoft Applications, Exchange Server | 2024-11-21 | 2.1 LOW | N/A |
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | |||||
CVE-2011-0290 | 3 Lotus, Microsoft, Rim | 3 Domino, Exchange Server, Blackberry Enterprise Server | 2024-11-21 | 6.5 MEDIUM | N/A |
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. | |||||
CVE-2010-3937 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.0 MEDIUM | N/A |
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." | |||||
CVE-2010-2091 | 1 Microsoft | 3 Exchange Server, Internet Explorer, Windows Server 2003 | 2024-11-21 | 4.3 MEDIUM | N/A |
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | |||||
CVE-2010-1690 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2024-11-21 | 6.4 MEDIUM | N/A |
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | |||||
CVE-2010-1689 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2024-11-21 | 6.4 MEDIUM | N/A |
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | |||||
CVE-2010-0025 | 1 Microsoft | 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." | |||||
CVE-2010-0024 | 1 Microsoft | 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | |||||
CVE-2009-1491 | 2 Mcafee, Microsoft | 2 Groupshield, Exchange Server | 2024-11-21 | 9.3 HIGH | N/A |
McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | |||||
CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | |||||
CVE-2009-0098 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.3 HIGH | N/A |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | |||||
CVE-2008-2248 | 1 Microsoft | 2 Exchange Server, Outlook Web Access | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. | |||||
CVE-2008-2247 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. | |||||
CVE-2008-1547 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | |||||
CVE-2007-0221 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.8 HIGH | N/A |
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." | |||||
CVE-2007-0220 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | |||||
CVE-2007-0213 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 10.0 HIGH | N/A |
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. |