CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2002-0054
https://notcve.org/view.php?id=CVE-2002-0054
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. El servicio SMTP enMicrosoft Windows 2000 y Internet Mail Connector (IMC) en Exchange Server 5.5no maneja adecuadamente respuestas a autenticación NTLM, lo que permite a atacantes remotos hacer reenvío de correo mediante el servidor. • http://marc.info/?l=bugtraq&m=101501580409373&w=2 http://www.securityfocus.com/bid/4205 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0049
https://notcve.org/view.php?id=CVE-2002-0049
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. Microsoft Exchange Server 2000 System Attendant da a el grupo "Todos" privilegios para modificar las claves del registro, lo que podría permitir a atacantes remotos leer o modifcar claves del registro. • http://www.osvdb.org/2042 http://www.securityfocus.com/bid/4053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/8092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0726
https://notcve.org/view.php?id=CVE-2001-0726
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. • http://www.osvdb.org/5557 http://www.securityfocus.com/bid/3650 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-057 https://exchange.xforce.ibmcloud.com/vulnerabilities/7663 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2001-0660
https://notcve.org/view.php?id=CVE-2001-0660
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). • http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP http://www.securityfocus.com/bid/3301 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-047 https://exchange.xforce.ibmcloud.com/vulnerabilities/7089 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0666
https://notcve.org/view.php?id=CVE-2001-0666
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. • http://www.securityfocus.com/bid/3368 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-049 https://exchange.xforce.ibmcloud.com/vulnerabilities/7168 • CWE-400: Uncontrolled Resource Consumption •