CVSS: 5.5EPSS: 21%CPEs: 6EXPL: 0CVE-2016-0028
https://notcve.org/view.php?id=CVE-2016-0028
16 Jun 2016 — Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe ... • http://www.securitytracker.com/id/1036106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 4CVE-2010-3213 – Outlook Web Access 2007 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2010-3213
07 Sep 2010 — Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Microsoft Outlook Web Access (owa/ev.owa) 2007 hasta SP2 permite a atacantes remotos secuestrar la autenticación de usuarios de e-mail para peticiones que llevan a ca... • https://www.exploit-db.com/exploits/14285 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 25%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
08 Jul 2008 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2143
https://notcve.org/view.php?id=CVE-2008-2143
12 May 2008 — Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. Versiones sin especificar de Microsoft Outlook Web Access (OWA) utilizan la directiva Cache-Control: no-cache HTTP en vez de no-store, lo que podría provocar que navegadores web que siguen RFC-2616 almacenen en caché información sensible. • http://www.kb.cert.org/vuls/id/829876 •
CVSS: 5.3EPSS: 8%CPEs: 2EXPL: 0CVE-2005-1052
https://notcve.org/view.php?id=CVE-2005-1052
12 Apr 2005 — Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. • http://www.idefense.com/application/poi/display?id=227&type=vulnerabilities •