CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0738
https://notcve.org/view.php?id=CVE-2005-0738
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. • http://secunia.com/advisories/14543 http://support.microsoft.com/?kbid=891504 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 97%CPEs: 2EXPL: 3CVE-2005-0420 – Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection
https://notcve.org/view.php?id=CVE-2005-0420
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. Microsoft Outlook Web Access (OWA), cuando se usa con Exchange, permite a atacantes remotos redirigir usuario a URLs de inicio de sesión de su elección mediante un enlace a la aplicación owalogin.asp. • https://www.exploit-db.com/exploits/25084 http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html http://secunia.com/advisories/14144 http://www.securityfocus.com/bid/12459 http://www.vupen.com/english/advisories/2005/0105 https://exchange.xforce.ibmcloud.com/vulnerabilities/19225 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 49%CPEs: 25EXPL: 0CVE-2005-0044
https://notcve.org/view.php?id=CVE-2005-0044
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." • http://www.kb.cert.org/vuls/id/927889 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012 https://exchange.xforce.ibmcloud.com/vulnerabilities/19109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35 •
CVSS: 10.0EPSS: 89%CPEs: 4EXPL: 0CVE-2004-0840
https://notcve.org/view.php?id=CVE-2004-0840
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. El componente SMTP (Simple Mail Transfer Protocol) de Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, y el componente Exchange Routing Engine de Exchange Server 2003 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta DNS maliciosa conteniendo valores de longitud que no son validados adecuadamente. • http://www.kb.cert.org/vuls/id/394792 http://www.securityfocus.com/bid/11374 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035 https://exchange.xforce.ibmcloud.com/vulnerabilities/17621 https://exchange.xforce.ibmcloud.com/vulnerabilities/17660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3460 https://oval.cisecurity.org/repository/search/ • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 94%CPEs: 5EXPL: 1CVE-2004-0574 – Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
https://notcve.org/view.php?id=CVE-2004-0574
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. El componente de Protocolo de Transferencia de Noticias de Red (NNTP) de Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, y Exchange Server 2003 permite a atacantes remtos ejecutar código de su elección mediante patrones XPAT, posiblemente relacionado con una validación de longitud inadecuada o un "búfer sin comprobar", conduciendo a desbordamientos de búfer basados en la pila y error de fuera por uno. • https://www.exploit-db.com/exploits/578 http://marc.info/?l=bugtraq&m=109761632831563&w=2 http://www.ciac.org/ciac/bulletins/p-012.shtml http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 http://www.kb.cert.org/vuls/id/203126 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 https://exchange.xforce.ibmcloud.com/vulnerabilities/17641 https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 https://oval.cisecurity.org/repository/s • CWE-787: Out-of-bounds Write •