CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3146
https://notcve.org/view.php?id=CVE-2021-3146
08 Apr 2021 — The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios • https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf • CWE-426: Untrusted Search Path •
CVSS: 7.4EPSS: 24%CPEs: 19EXPL: 0CVE-2010-1689
https://notcve.org/view.php?id=CVE-2010-1689
07 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerab... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-310: Cryptographic Issues •
CVSS: 7.4EPSS: 19%CPEs: 19EXPL: 0CVE-2010-1690
https://notcve.org/view.php?id=CVE-2010-1690
07 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerabi... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 40%CPEs: 16EXPL: 0CVE-2010-0024
https://notcve.org/view.php?id=CVE-2010-0024
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no valida adecuada... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 54%CPEs: 16EXPL: 0CVE-2010-0025
https://notcve.org/view.php?id=CVE-2010-0025
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Ex... • http://secunia.com/advisories/39253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2009-0098
https://notcve.org/view.php?id=CVE-2009-0098
10 Feb 2009 — Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2 y Exchange Server 2007 SP1; no interpreta adecuadamente las propiedades de Transport Neutral Encapsulation (TNEF), esto permite a atacantes remotos ejecutar cód... • http://osvdb.org/51837 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 71%CPEs: 3EXPL: 0CVE-2009-0099
https://notcve.org/view.php?id=CVE-2009-0099
10 Feb 2009 — The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." El proveedor Electronic Messaging System Microsoft Data Base (EMSMDB32) en Microsoft Exchange 2000 Server SP3 y Exchange Server 2003 SP2, utilizado como Exchange System Attendant, permite a ... • http://osvdb.org/51838 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 30%CPEs: 1EXPL: 2CVE-2008-1547 – Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection
https://notcve.org/view.php?id=CVE-2008-1547
21 Oct 2008 — Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. Vulnerabilidad involuntaria de redirección en exchweb/bin/redir.asp en Microsoft Outlook Web Access (OWA) para Exchange Server 2003 SP2 (alias build 6.5.7638) permite a atacantes remotos, redireccionar a usuarios a sitios web de su elección y ll... • https://www.exploit-db.com/exploits/32489 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 24%CPEs: 3EXPL: 1CVE-2008-2247
https://notcve.org/view.php?id=CVE-2008-2247
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. Una vulnerabilidad de tipo cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server versión 2003 SP2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de campos de correo electrónico no especificados, una vulnerabilidad diferent... • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 25%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •