Download
| Alert*
oval:org.mitre.oval:def:1593
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in whic ... oval:org.secpod.oval:def:10350 The machine setting for the startup type of the 'Microsoft Exchange Speech Engine Service' service should be configured correctly. oval:org.secpod.oval:def:10351 The machine setting for the startup type of the 'Microsoft Exchange Server Extension for Windows Server Backup' service should be configured correctly. oval:org.secpod.oval:def:10352 The machine setting for the startup type of the 'Microsoft Exchange Service Host' service should be configured correctly. oval:org.secpod.oval:def:10353 The machine setting for the startup type of the 'Microsoft Exchange IMAP4' service should be configured correctly. oval:org.secpod.oval:def:10354 The machine setting for the startup type of the 'Microsoft Exchange Monitoring' service should be configured correctly. oval:org.secpod.oval:def:10355 The machine setting for the startup type of the 'Microsoft Exchange Credential Service (Exchange 2007)' service should be configured correctly. oval:org.secpod.oval:def:10345 The machine setting for the startup type of the 'Microsoft Exchange Unified Messaging' service should be configured correctly. oval:org.secpod.oval:def:10346 The machine setting for the startup type of the 'Microsoft Exchange Transport' service should be configured correctly. oval:org.secpod.oval:def:10347 The machine setting for the startup type of the 'Microsoft Search (Exchange)' service should be configured correctly. oval:org.secpod.oval:def:10348 The machine setting for the startup type of the 'Microsoft Exchange POP3' service should be configured correctly. oval:org.secpod.oval:def:10349 The machine setting for the startup type of the 'Microsoft Exchange Information Store' service should be configured correctly. oval:org.secpod.oval:def:10360 The machine setting for the startup type of the 'Microsoft Exchange Search Indexer' service should be configured correctly. oval:org.secpod.oval:def:10361 The machine setting for the startup type of the 'Microsoft Exchange Mail Submission Service' service should be configured correctly. oval:org.secpod.oval:def:10362 The machine setting for the startup type of the 'Microsoft Exchange Anti-spam Update' service should be configured correctly. oval:org.secpod.oval:def:10363 The machine setting for the startup type of the 'Microsoft Exchange Transport Log Search' service should be configured correctly. oval:org.secpod.oval:def:10364 The machine setting for the startup type of the 'Microsoft Exchange Active Directory Topology' service should be configured correctly. oval:org.secpod.oval:def:10365 The machine setting for the startup type of the 'Microsoft Exchange Replication Service' service should be configured correctly. oval:org.secpod.oval:def:10356 The machine setting for the startup type of the 'Microsoft Exchange Mailbox Assistants' service should be configured correctly. oval:org.secpod.oval:def:10357 The machine setting for the startup type of the 'Microsoft Exchange File Distribution' service should be configured correctly. oval:org.secpod.oval:def:10358 The machine setting for the startup type of the 'Microsoft Exchange ADAM' service should be configured correctly. oval:org.secpod.oval:def:10359 The machine setting for the startup type of the 'Microsoft Exchange EdgeSync Service' service should be configured correctly. oval:org.secpod.oval:def:10344 The machine setting for the startup type of the 'Microsoft Exchange System Attendant' service should be configured correctly. oval:org.mitre.oval:def:1641 Exchange Server 2007 is installed. oval:org.mitre.oval:def:1371 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an ... oval:org.mitre.oval:def:1890 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. oval:org.secpod.oval:def:3298 The host is missing an important security update according to Microsoft security bulletin, MS08-039. The update is required to fix privilege elevation vulnerabilities. The flaws are present in Outlook Web Access (OWA) for Microsoft Exchange Server, which fails to handle OWA client's session data. Su ... oval:org.secpod.oval:def:6701 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6700 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6705 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6704 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6703 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6702 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6697 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6696 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6695 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6694 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6699 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6698 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.secpod.oval:def:6693 The host is installed with Microsoft Exchange Server 2007 or 2010 or FAST Search Server 2010 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted file through Outlook Web Access in a browser. Successful exploitation co ... oval:org.mitre.oval:def:6114 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." oval:org.mitre.oval:def:12019 Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." oval:org.secpod.oval:def:9279 The host is installed with Microsoft Exchange Server 2007 or 2010 and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when WebReady Document Viewer is used to preview a specially crafted file. Successful exploitation allows attackers to run arbi ... oval:org.mitre.oval:def:5695 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. oval:org.secpod.oval:def:8186 The host is installed with Exchange Server 2007 or Exchange Server 2010 and is prone to remote code execution vulnerabilities. The flaws are present in the Microsoft Exchange Server, which fails to properly handle WebReady Document Viewing feature. Successful exploitation could allow to run code on ... oval:org.secpod.oval:def:8187 The host is installed with Exchange Server 2007 or Exchange Server 2010 and is prone to remote code execution vulnerabilities. The flaws are present in the Microsoft Exchange Server, which fails to properly handle WebReady Document Viewing feature. Successful exploitation could allow to run code on ... oval:org.secpod.oval:def:9277 The host is installed with Microsoft Exchange Server 2007 or 2010 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused when WebReady Document Viewer is used to preview a specially crafted file. Successful exploitation allows context-dependent attacke ... oval:org.secpod.oval:def:8185 The host is installed with Exchange Server 2007 or Exchange Server 2010 and is prone to denial of service vulnerability. A flaw is present in the Microsoft Exchange Server, which fails to properly handle the RSS feeds. Successful exploitation could cause exchange databases to dismount, and potential ... oval:org.secpod.oval:def:14831 The host is installed with Microsoft Exchange Server 2007, 2010 or 2013 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to run code on the affected Exchange Server. oval:org.secpod.oval:def:14830 The host is installed with Microsoft Exchange Server 2007, 2010 or 2013 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to run code on the affected Exchange Server. oval:org.secpod.oval:def:14828 The host is installed with Microsoft Exchange Server 2007, 2010 or 2013 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to run code on the affected Exchange Server. oval:org.secpod.oval:def:15688 The host is installed with Microsoft Windows SharePoint Services 2.0, 3.0 SP3, SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP1, SP2, SharePoint Server 2010 SP1, SP2, Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013 and is prone to remote code execution vulnerability. A ... oval:org.secpod.oval:def:16208 The host is installed with Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013 and is prone an OWA xss vulnerability. A flaw is present in the application, which fails to handle a specially crafted data. Successful exploitation could allow attackers to run script in the context of th ... oval:org.secpod.oval:def:16206 The host is installed with Exchange Server 2010 or Exchange Server 2013 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation could allow attackers to inject arbitrary web script or HTML. oval:org.secpod.oval:def:16207 The host is installed with Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted file. Successful exploitation could allow attackers to execute arbitrary code o ... oval:org.secpod.oval:def:21884 The host is installed with Microsoft Exchange Server 2007, 2010 or 2013 and is prone to a token spoofing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted content. Successful exploitation could allow attackers to send email that appears to come from an us ... oval:org.secpod.oval:def:21881 The host is missing an important security update according to Microsoft bulletin, MS14-075. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a specially crafted content, properly validate redirection tokens or improperly validate ... oval:org.secpod.oval:def:35603 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:35601 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:35602 The host is missing an important security update according to Microsoft security bulletin, MS16-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:35599 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:37000 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly parse email messages. Successful exploitation could allow attackers to discover confidential user infor ... |