VYPR

Exchange Server

by Microsoft

CVEs (233)

  • CVE-2021-41349Nov 10, 2021
    risk 0.07cvss epss 0.94

    Microsoft Exchange Server Spoofing Vulnerability

  • CVE-2021-28482Apr 13, 2021
    risk 0.07cvss epss 0.83

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-28480Apr 13, 2021
    risk 0.07cvss epss 0.71

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2008-1547Oct 21, 2008
    risk 0.07cvss epss 0.46

    Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

  • CVE-2023-36745Sep 12, 2023
    risk 0.06cvss epss 0.81

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-31195May 11, 2021
    risk 0.06cvss epss 0.74

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-17143Dec 9, 2020
    risk 0.06cvss epss 0.71

    Microsoft Exchange Server Information Disclosure Vulnerability

  • CVE-2006-1193Jun 13, 2006
    risk 0.06cvss epss 0.39

    Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

  • CVE-2002-1790Dec 31, 2002
    risk 0.06cvss epss 0.34

    The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

  • CVE-2005-0420Apr 27, 2005
    risk 0.05cvss epss 0.26

    Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

  • CVE-2023-32031Jun 14, 2023
    risk 0.04cvss epss 0.82

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2010-2091May 27, 2010
    risk 0.04cvss epss 0.18

    Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct…

  • CVE-2007-0039May 8, 2007
    risk 0.04cvss epss 0.45

    The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS…

  • CVE-2006-0002Jan 10, 2006
    risk 0.04cvss epss 0.46

    Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME…

  • CVE-1999-0284Jan 1, 1998
    risk 0.04cvss epss 0.12

    Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

  • CVE-2021-28481Apr 13, 2021
    risk 0.03cvss epss 0.36

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-17083Nov 11, 2020
    risk 0.03cvss epss 0.12

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2007-0220May 8, 2007
    risk 0.03cvss epss 0.33

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail…

  • CVE-2007-0221May 8, 2007
    risk 0.03cvss epss 0.37

    Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

  • CVE-2005-1987Oct 13, 2005
    risk 0.03cvss epss 0.43

    Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type"…

Page 5 of 12