CVSS: 7.5EPSS: 89%CPEs: 10EXPL: 0CVE-2005-1987
https://notcve.org/view.php?id=CVE-2005-1987
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html http://marc.info/?l=bugtraq&m=112915118302012&w=2 http://secunia.com/advisories/17167 http://securitytracker.com/id?1015038 http://securitytracker.com/id?1015039 http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245 http://www.kb.cert.org/vuls/id/883460 http://www.osvdb.org/19905 http://www.securityfocus.com/bid/15067 http://www.us-cert.gov/cas/techalerts/TA05-284A.html https:/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 96%CPEs: 1EXPL: 0CVE-2005-0563
https://notcve.org/view.php?id=CVE-2005-0563
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag. Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente Microsoft Outlook Web Access (OWA) en Exchange Server 5.5 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un mensaje de correo electrónico con una codificación de JavaScript: "jav & # X41sc & # 0010; ript : ") en una etiqueta IMG. • http://secunia.com/advisories/15697 http://www.idefense.com/application/poi/display?id=261&type=vulnerabilities http://www.securityfocus.com/bid/13952 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 87%CPEs: 2EXPL: 1CVE-2005-0560 – Microsoft Exchange Server - Remote Code Execution (MS05-021)
https://notcve.org/view.php?id=CVE-2005-0560
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. • https://www.exploit-db.com/exploits/947 http://marc.info/?l=bugtraq&m=111393947713420&w=2 http://secunia.com/advisories/14920 http://www.kb.cert.org/vuls/id/275193 http://www.osvdb.org/displayvuln.php?osvdb_id=15467 http://www.us-cert.gov/cas/techalerts/TA05-102A.html http://xforce.iss.net/xforce/alerts/id/193 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.o • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0738
https://notcve.org/view.php?id=CVE-2005-0738
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. • http://secunia.com/advisories/14543 http://support.microsoft.com/?kbid=891504 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 97%CPEs: 2EXPL: 3CVE-2005-0420 – Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection
https://notcve.org/view.php?id=CVE-2005-0420
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. Microsoft Outlook Web Access (OWA), cuando se usa con Exchange, permite a atacantes remotos redirigir usuario a URLs de inicio de sesión de su elección mediante un enlace a la aplicación owalogin.asp. • https://www.exploit-db.com/exploits/25084 http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html http://secunia.com/advisories/14144 http://www.securityfocus.com/bid/12459 http://www.vupen.com/english/advisories/2005/0105 https://exchange.xforce.ibmcloud.com/vulnerabilities/19225 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •