Search Results (253 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1987 1 Microsoft 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more 2026-04-16 N/A
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
CVE-2002-0368 1 Microsoft 1 Exchange Server 2026-04-16 N/A
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
CVE-2004-0574 1 Microsoft 4 Exchange Server, Windows 2000, Windows Nt and 1 more 2026-04-16 N/A
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
CVE-2002-1876 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
CVE-1999-1322 2 Broadcom, Microsoft 3 Arcserve Backup, Inoculan, Exchange Server 2026-04-16 N/A
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
CVE-2002-1873 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
CVE-2005-0563 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.
CVE-2002-0055 1 Microsoft 3 Exchange Server, Windows 2000, Windows Xp 2026-04-16 N/A
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
CVE-2003-0904 1 Microsoft 3 Exchange Server, Sharepoint Services, Windows Server 2003 2026-04-16 N/A
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
CVE-2005-0738 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
CVE-1999-0945 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
CVE-2001-1319 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2002-0054 1 Microsoft 2 Exchange Server, Windows 2000 2026-04-16 N/A
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
CVE-2002-0698 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
CVE-2001-0146 1 Microsoft 2 Exchange Server, Internet Information Services 2026-04-16 N/A
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
CVE-2006-0027 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
CVE-2000-1006 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
CVE-2005-0420 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
CVE-2026-26137 1 Microsoft 3 365 Copilot Business Chat, 365 Copilot Chat, Exchange Online 2026-04-14 9.9 Critical
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
CVE-2023-21529 1 Microsoft 1 Exchange Server 2026-04-14 8.8 High
Microsoft Exchange Server Remote Code Execution Vulnerability