ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Exchange Server
Subscriptions
Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1987 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more | 2025-04-03 | N/A |
| Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | ||||
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2025-04-03 | N/A |
| Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | ||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | ||||
| CVE-2001-0146 | 1 Microsoft | 2 Exchange Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | ||||
| CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2025-04-03 | N/A |
| The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | ||||
| CVE-2002-0049 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | ||||
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | ||||
| CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2025-04-03 | N/A |
| Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | ||||
| CVE-2005-0563 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | ||||
| CVE-2006-0002 | 1 Microsoft | 3 Exchange Server, Office, Outlook | 2025-04-03 | N/A |
| Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | ||||
| CVE-1999-0682 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | N/A |
| Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. | ||||
| CVE-2021-31198 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 7.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2020-0903 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | ||||
| CVE-2023-21745 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21762 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21707 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-21710 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 7.2 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28310 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-32031 | 1 Microsoft | 1 Exchange Server | 2025-03-01 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
| Microsoft Exchange Server Spoofing Vulnerability | ||||