Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exchange_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-03-11 | CVE-2015-1628 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." | Exchange_server | N/A | ||
| 2014-12-10 | CVE-2014-6336 | Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | Exchange_server | N/A | ||
| 2014-12-10 | CVE-2014-6326 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. | Exchange_server | N/A | ||
| 2014-12-10 | CVE-2014-6325 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. | Exchange_server | N/A | ||
| 2014-12-10 | CVE-2014-6319 | Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." | Exchange_server | N/A | ||
| 2013-01-17 | CVE-2013-0418 | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter... | Exchange_server, Fusion_middleware | N/A | ||
| 2009-02-10 | CVE-2009-0099 | The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | Exchange_server | N/A | ||
| 2009-02-10 | CVE-2009-0098 | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | Exchange_server | N/A | ||
| 2001-10-30 | CVE-2001-0660 | Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | Exchange_server | N/A | ||
| 2000-02-29 | CVE-2000-0216 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | Exchange_server, Outlook, Windows_messaging | N/A |