CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 0CVE-2015-1631
https://notcve.org/view.php?id=CVE-2015-1631
11 Mar 2015 — Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos falsificar los organizadores de reuniones a través de vectores no especificados, también conocido como 'vulnerabilidad de la falsificación de solicitudes de reuniones falsas de Exchange.' • http://www.securitytracker.com/id/1031900 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 6%CPEs: 2EXPL: 0CVE-2015-1632
https://notcve.org/view.php?id=CVE-2015-1632
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." Vulnerabilidad de XSS en errorfe.aspx en Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos inyectar secuencias de comandos web ar... • http://www.securitytracker.com/id/1031900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2014-6325
https://notcve.org/view.php?id=CVE-2014-6325
11 Dec 2014 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Vulnerabilidad de XSS en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como 'vulnerabilidad de OWA XSS,' una ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 0CVE-2014-6336
https://notcve.org/view.php?id=CVE-2014-6336
11 Dec 2014 — Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 no valida debidamente los tokens de la redirección, lo que permite a atacantes remotos redirigir usuarios hacia sitio... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2014-6319
https://notcve.org/view.php?id=CVE-2014-6319
11 Dec 2014 — Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Outlook Web App (OWA) en Microsoft Exchange Server 2007 SP3, 2010 SP3, y 2013 SP1 y Cumulative Update 6 no valida correctamente los tokens en solicitudes, lo que permite a atacantes remotos suplantar el origen d... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2014-6326
https://notcve.org/view.php?id=CVE-2014-6326
11 Dec 2014 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. Vulnerabilidad de XSS en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como 'vulnerabilidad de OWA XSS,' una ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 4EXPL: 0CVE-2013-5072
https://notcve.org/view.php?id=CVE-2013-5072
11 Dec 2013 — Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability." Vulnerabilidad de XSS en Outlook Web Access de Microsoft Exchange Server 2010 SP2 y SP3 y 2013 Cumulative Update 2 y 3 permite a atacantes remotos inyectar script web o HTML arbitrario a través de una URL manipulada, también conocido como "OWA XSS Vulnerabi... • http://www.securityfocus.com/bid/64085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 25%CPEs: 4EXPL: 0CVE-2013-0418 – Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0418
17 Jan 2013 — Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be tr... • http://archives.neohapsis.com/archives/bugtraq/2013-01/0073.html •
CVSS: 7.5EPSS: 36%CPEs: 3EXPL: 0CVE-2012-4791
https://notcve.org/view.php?id=CVE-2012-4791
12 Dec 2012 — Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." Microsoft Exchange Server 2007 SP3 y 2010 SP1 y SP2 permite a usuarios remotos autenticados provocar una denegación de servicio (bloqueo del servicio Information Store) al suscribirse a un feed RSS manipulado, también conocido como "Feed RSS puede provocar vulnerabilid... • http://www.securityfocus.com/bid/56836 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2284
https://notcve.org/view.php?id=CVE-2012-2284
18 Oct 2012 — The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. El proceso del (1) instalación and (2) actualización en EMC NetWorker Module para Microsoft Applications (NMM) v2.2.1, v2.3 anterior al build v122, y v2.4 anterior al build v375, cuando el Exchange Server es usado, permite a usuarios locales... • http://archives.neohapsis.com/archives/bugtraq/2012-10/0068.html • CWE-255: Credentials Management Errors •