Vulnerabilities > Microsoft > Exchange Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-10 | CVE-2009-0099 | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | 5.0 |
2008-10-21 | CVE-2008-1547 | Open Redirect vulnerability in Microsoft Exchange Server 2003 Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | 4.3 |
2008-07-08 | CVE-2008-2248 | Cross-Site Scripting vulnerability in Microsoft Exchange Server and Outlook Web Access Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. | 4.3 |
2008-07-08 | CVE-2008-2247 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2003/2007 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. | 4.3 |
2007-05-08 | CVE-2007-0220 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000/2003 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | 6.8 |
2005-06-14 | CVE-2005-0563 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("`jav&#X41sc&#0010;ript:`") in an IMG tag. | 4.3 |
2005-05-02 | CVE-2005-0738 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2003 Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. | 5.0 |
2005-04-27 | CVE-2005-0420 | Open Redirect vulnerability in Microsoft Exchange Server 2003 Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | 5.8 |
2004-11-23 | CVE-2004-0203 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | 4.3 |
2004-01-20 | CVE-2003-0904 | Information Exposure vulnerability in Microsoft products Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. | 6.0 |