Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft outlook web access vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-1052
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote malicious users to spoof e-mail addresses.
Microsoft Outlook 2003
Microsoft Outlook Web Access 2003
1.9
CVSSv2
CVE-2008-2143
Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
Microsoft Outlook Web Access
NA
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.2
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.1
6.8
CVSSv2
CVE-2010-3213
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote malicious users to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
Microsoft Outlook Web Access 2007
1 EDB exploit
4.3
CVSSv2
CVE-2008-2248
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote malicious users to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
Microsoft Exchange Server 2003
Microsoft Exchange Server 2007
Microsoft Outlook Web Access
4.3
CVSSv2
CVE-2006-1305
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote malicious users to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients...
Microsoft Office 2000
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Office Xp
Microsoft Office 2003
Microsoft Outlook 2003
10
CVSSv2
CVE-2001-0538
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and previous versions allows remote malicious users to execute arbitrary commands via a malicious HTML e-mail message or web page.
Microsoft Outlook
2 EDB exploits
10
CVSSv2
CVE-2004-0380
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote malicious users to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references th...
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0
3 EDB exploits
7.5
CVSSv2
CVE-2000-0419
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote malicious users to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
Microsoft Photodraw 2000 1.0
Microsoft Powerpoint 2000
Microsoft Project 2000
Microsoft Access 2000
Microsoft Word 2000
Microsoft Works 2000
Microsoft Office 2000
Microsoft Outlook 2000
Microsoft Excel 2000
Microsoft Frontpage 2000
9.3
CVSSv2
CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote malicious users to execute arbitrary code via a Vector Markup Language (VML) file wi...
Microsoft Outlook 2003
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1
3 EDB exploits
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »