CVE-2007-0221
https://notcve.org/view.php?id=CVE-2007-0221
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526
http://secunia.com/advisories/25183
http://www.osvdb.org/34392
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23810
http://www.securitytracker.com/id?1018015
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english/advisories/2007/1711
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
https://exchange
CWE-190: Integer Overflow or Wraparound
CVE-2007-0220
https://notcve.org/view.php?id=CVE-2007-0220
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
References:
http://secunia.com/advisories/25183
http://www.kb.cert.org/vuls/id/124113
http://www.osvdb.org/34389
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23806
http://www.securitytracker.com/id?1018015
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english/advisories/2007/1711
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
https://exchange.xforce.ibmcloud.com/vulne
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0213
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
References:
https://www.exploit-db.com/exploits/47076
http://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.html
http://secunia.com/advisories/25183
http://www.kb.cert.org/vuls/id/343145
http://www.osvdb.org/34391
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23809
http://www.securitytracker.com/id?1018015
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english&
CWE-20: Improper Input Validation
CVE-2006-7034
https://notcve.org/view.php?id=CVE-2006-7034
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References:
http://securityreason.com/securityalert/2285
http://www.securityfocus.com/archive/1/435166/30/4680/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26720
CVE-2006-1193 – Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection
https://notcve.org/view.php?id=CVE-2006-1193
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
References:
https://www.exploit-db.com/exploits/28005
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html
http://secunia.com/advisories/20634
http://securitytracker.com/id?1016280
http://www.kb.cert.org/vuls/id/138188
http://www.osvdb.org/26441
http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt
http://www.securityfocus.com/bid/18381
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.vupen.com/english/advisories/2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')