CVSS: 9.8EPSS: 87%CPEs: 3EXPL: 1CVE-2006-0027 – MS06-019 Exchange MODPROP Heap Overflow
https://notcve.org/view.php?id=CVE-2006-0027
09 May 2006 — Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. • https://packetstorm.news/files/id/180581 •
CVSS: 8.8EPSS: 56%CPEs: 16EXPL: 0CVE-2006-0002
https://notcve.org/view.php?id=CVE-2006-0002
10 Jan 2006 — Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. • http://secunia.com/advisories/18368 •
CVSS: 9.8EPSS: 72%CPEs: 10EXPL: 0CVE-2005-1987
https://notcve.org/view.php?id=CVE-2005-1987
13 Oct 2005 — Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 76%CPEs: 2EXPL: 1CVE-2005-0560 – Microsoft Exchange Server - Remote Code Execution (MS05-021)
https://notcve.org/view.php?id=CVE-2005-0560
13 Apr 2005 — Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. • https://www.exploit-db.com/exploits/947 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 85%CPEs: 5EXPL: 1CVE-2004-0574 – Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
https://notcve.org/view.php?id=CVE-2004-0574
16 Oct 2004 — The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. El componente de Protocolo de Transferencia de Noticias de Red (NNTP) de Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Se... • https://www.exploit-db.com/exploits/578 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 67%CPEs: 9EXPL: 3CVE-2003-0714 – Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)
https://notcve.org/view.php?id=CVE-2003-0714
17 Oct 2003 — The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. El servicio de correo de Internet en Exchange Server 5.5 y Exchange 2000 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) conectándose directamente al servicio SMTP y enviando una cierta pet... • https://www.exploit-db.com/exploits/113 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 18%CPEs: 3EXPL: 0CVE-2002-1873
https://notcve.org/view.php?id=CVE-2002-1873
31 Dec 2002 — Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. • http://online.securityfocus.com/archive/1/286220 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2002-1876
https://notcve.org/view.php?id=CVE-2002-1876
31 Dec 2002 — Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. • http://online.securityfocus.com/archive/1/286220 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 20%CPEs: 3EXPL: 0CVE-2002-0368
https://notcve.org/view.php?id=CVE-2002-0368
18 Jun 2002 — The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." • http://www.iss.net/security_center/static/9195.php • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0507
https://notcve.org/view.php?id=CVE-2002-0507
11 Jun 2002 — An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. Una interacción entre Microsoft Outlook Web Access (OWA) con RSA SecurID permite a usuarios locales evitar la autenticación SecurID para un usuario anterior mediante varios envios de una petición de autenticación OW... • http://online.securityfocus.com/archive/1/264705 • CWE-287: Improper Authentication •