Vulnerabilities > Microsoft > Exchange Server > 5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-10 | CVE-2006-0002 | Remote Code Execution vulnerability in Microsoft Outlook / Microsoft Exchange TNEF Decoding Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | 7.5 |
| 2005-06-14 | CVE-2005-0563 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. | 4.3 |
| 2004-11-23 | CVE-2004-0203 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | 4.3 |
| 2003-11-17 | CVE-2003-0714 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000/5.5 The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. | 7.5 |
| 2003-11-17 | CVE-2003-0712 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script. | 4.3 |
| 2002-12-31 | CVE-2002-1790 | Unspecified vulnerability in Microsoft products The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | 5.0 |
| 2002-08-12 | CVE-2002-0507 | Improper Authentication vulnerability in multiple products An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | 2.1 |
| 2002-03-08 | CVE-2002-0054 | Authentication Bypass BY Capture-Replay vulnerability in Microsoft Exchange Server and Windows 2000 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | 7.5 |
| 2001-12-06 | CVE-2001-0726 | Unspecified vulnerability in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. | 7.5 |
| 2001-10-30 | CVE-2001-0660 | Unspecified vulnerability in Microsoft Exchange Server 4.0/5.5 Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | 5.0 |