CVSS: 5.0EPSS: 96%CPEs: 7EXPL: 0CVE-2002-0055
https://notcve.org/view.php?id=CVE-2002-0055
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. El servicio SMTP en Windows 2000/XP Professional y Exchange 2000 permite a atacantes remotos provocar denegación de servico mediante un comando con una petición transferencia de datos malformada. • http://marc.info/?l=bugtraq&m=101558498401274&w=2 http://www.iss.net/security_center/static/8307.php http://www.securityfocus.com/bid/4204 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2002-0054
https://notcve.org/view.php?id=CVE-2002-0054
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. El servicio SMTP enMicrosoft Windows 2000 y Internet Mail Connector (IMC) en Exchange Server 5.5no maneja adecuadamente respuestas a autenticación NTLM, lo que permite a atacantes remotos hacer reenvío de correo mediante el servidor. • http://marc.info/?l=bugtraq&m=101501580409373&w=2 http://www.securityfocus.com/bid/4205 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0049
https://notcve.org/view.php?id=CVE-2002-0049
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. Microsoft Exchange Server 2000 System Attendant da a el grupo "Todos" privilegios para modificar las claves del registro, lo que podría permitir a atacantes remotos leer o modifcar claves del registro. • http://www.osvdb.org/2042 http://www.securityfocus.com/bid/4053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/8092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0726
https://notcve.org/view.php?id=CVE-2001-0726
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. • http://www.osvdb.org/5557 http://www.securityfocus.com/bid/3650 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/7663 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2001-0660
https://notcve.org/view.php?id=CVE-2001-0660
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). • http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP http://www.securityfocus.com/bid/3301 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/7089 •