NotCVE - vendor:"Microsoft" product:"Exchange Server" version:"2013"

Page 10 of 109 results (0.009 seconds)

CVSS: 5.5EPSS: 21%CPEs: 6EXPL: 0

CVE-2016-0028

https://notcve.org/view.php?id=CVE-2016-0028

16 Jun 2016 — Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe ... • http://www.securitytracker.com/id/1036106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0

CVE-2016-0030

https://notcve.org/view.php?id=CVE-2016-0030

13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también co... • http://www.securityfocus.com/bid/79890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0

CVE-2016-0032

https://notcve.org/view.php?id=CVE-2016-0032

13 Jan 2016 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML ... • http://www.securityfocus.com/bid/79884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 16%CPEs: 3EXPL: 0

CVE-2015-2505 – Microsoft Exchange Outlook Web 2013 Information Disclosure

https://notcve.org/view.php?id=CVE-2015-2505

09 Sep 2015 — Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability." Vulnerabilidad en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 Cumulative Update 8 y 9 y SP1, permite a atacantes remotos obtener información sensible del stacktrace a través de una petición manipulada, también conocida como 'Exchange Information Disclosure Vuln... • http://www.securitytracker.com/id/1033495 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 7%CPEs: 2EXPL: 0

CVE-2015-2543

https://notcve.org/view.php?id=CVE-2015-2543

09 Sep 2015 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 Cumulative Update 8 y 9, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un mensaje de correo electrónico manipulado, ta... • http://www.securitytracker.com/id/1033495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 7%CPEs: 3EXPL: 0

CVE-2015-2544

https://notcve.org/view.php?id=CVE-2015-2544

09 Sep 2015 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 Cumulative Update 8 y 9 y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un mensaje de correo electrónico ... • http://www.securitytracker.com/id/1033495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 11%CPEs: 2EXPL: 0

CVE-2015-1764

https://notcve.org/view.php?id=CVE-2015-1764

10 Jun 2015 — The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." Las aplicaciones web en Microsoft Exchange Server 2013 SP1 y Cumulative Update 8 permiten a atacantes remotos evadir Same Origin Policy y enviar trafico HTTP a los servidores de intranet a través... • http://www.securityfocus.com/bid/75007 •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0

CVE-2015-1771

https://notcve.org/view.php?id=CVE-2015-1771

10 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability." Vulnerabilidad de CSRF en las aplicaciones web en Microsoft Exchange Server 2013 SP1 y Cumulative Update 8 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como 'vulnerabilidad de CSRf de Exchange.' • http://www.securityfocus.com/bid/75011 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 13%CPEs: 2EXPL: 0

CVE-2015-2359

https://notcve.org/view.php?id=CVE-2015-2359

10 Jun 2015 — Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability." Vulnerabilidad de XSS en las aplicaciones web en Microsoft Exchange Server 2013 Cumulative Update 8 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, también conocido como 'vulnerabilidad ... • http://www.securityfocus.com/bid/75013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 8%CPEs: 2EXPL: 0

CVE-2015-1628

https://notcve.org/view.php?id=CVE-2015-1628

11 Mar 2015 — Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." Vulnerabilidad de XSS en Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos inyectar secuencias de comandos web arbitrar... • http://www.securitytracker.com/id/1031900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...8 9 10 11