Vulnerabilities > Microsoft > Exchange Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-11-17 | CVE-2003-0712 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script. | 4.3 |
| 2002-12-31 | CVE-2002-1873 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | 5.0 |
| 2002-12-31 | CVE-2002-1790 | Unspecified vulnerability in Microsoft products The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | 5.0 |
| 2002-06-18 | CVE-2002-0368 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | 5.0 |
| 2002-03-08 | CVE-2002-0055 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft Exchange Server, Windows 2000 and Windows XP SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | 5.0 |
| 2002-03-08 | CVE-2002-0049 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | 6.4 |
| 2001-10-30 | CVE-2001-0660 | Unspecified vulnerability in Microsoft Exchange Server 4.0/5.5 Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). | 5.0 |
| 2001-09-20 | CVE-2001-0543 | Memory Leak vulnerability in Microsoft Exchange Server, Windows 2000 and Windows NT Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. | 5.0 |
| 2001-09-20 | CVE-2001-0509 | Improper Input Validation vulnerability in Microsoft products Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | 5.0 |
| 2001-09-07 | CVE-2001-1099 | Unrestricted Upload of File With Dangerous Type vulnerability in Symantec Norton Antivirus 2.5 The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | 5.0 |