Download
| Alert*
|
oval:org.secpod.oval:def:21882
Microsoft Exchange Server 2013 SP1 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft. oval:org.secpod.oval:def:46095 The host is missing a moderate severity security update for KB4295699 oval:org.secpod.oval:def:21886 The host is installed with Microsoft Exchange Server 2013 and is prone to a XSS vulnerability. A flaw is present in the application, which does not properly validate input. Successful exploitation could allow attackers to run script in the context of the current user. oval:org.secpod.oval:def:21887 The host is installed with Microsoft Exchange Server 2013 and is prone to an URL redirection vulnerability. A flaw is present in the application, which fails to properly validate redirection tokens. An attacker who successfully exploited this vulnerability could redirect an user to an arbitrary doma ... oval:org.secpod.oval:def:21884 The host is installed with Microsoft Exchange Server 2007, 2010 or 2013 and is prone to a token spoofing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted content. Successful exploitation could allow attackers to send email that appears to come from an us ... oval:org.secpod.oval:def:21885 The host is installed with Microsoft Exchange Server 2013 and is prone to a XSS vulnerability. A flaw is present in the application, which does not properly validate input. Successful exploitation could allow attackers to run script in the context of the current user. oval:org.secpod.oval:def:21881 The host is missing an important security update according to Microsoft bulletin, MS14-075. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a specially crafted content, properly validate redirection tokens or improperly validate ... oval:org.secpod.oval:def:23749 The host is installed with Microsoft Exchange Server 2013 or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly sanitize page content in Outlook Web App. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:23748 The host is installed with Microsoft Exchange Server 2013 or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly sanitize page content in Outlook Web App. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:23746 The host is installed with Microsoft Exchange Server 2013 or SP1 and is prone to an OWA modified canary parameter cross site scripting vulnerability. A flaw is present in the application, which fails to properly sanitize page content in Outlook Web App. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:23751 The host is missing an important security update according to Microsoft security bulletin, MS15-026. The update is required to fix multiple OWA xss vulnerabilities. The flaws are present in the application, which fail to properly sanitize page content in Outlook Web App. Successful exploitation coul ... oval:org.secpod.oval:def:23750 The host is installed with Microsoft Exchange Server 2013 or SP1 and is prone to an exchange error message cross site scripting vulnerability. A flaw is present in the application, which fails to properly sanitize page content in Outlook Web App. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:24832 The host is installed with Exchange Server 2013, CU8 or SP1 and is prone to an Exchange Cross-Site request forgery vulnerability. A flaw is present in the application, which fails to properly manage user sessions. Successful exploitation could allow attackers to read content that the attacker is not ... oval:org.secpod.oval:def:24833 The host is installed with Exchange Server 2013 CU8 and is prone to an Exchange HTML injection vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted script to a target site that uses HTML sanitization. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:24834 The host is missing an important secuirity update according to Microsoft security bulletin, MS15-064. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted data. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:24831 The host is installed with Exchange Server 2013, CU8 or SP1 and is prone to an Exchange Server-Side request forgery vulnerability. A flaw is present in the application, which fails to properly manage same-origin policy. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:26527 The host is installed with Exchange Server 2013, CU8, CU9 or SP1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle web requests. Successful exploitation could allow attackers to disclose stacktrace details. oval:org.secpod.oval:def:26530 The host is installed with Exchange Server 2013, CU8 or CU9 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly sanitize specially crafted email. Successful exploitation could allow attackers to perform HTML injection attacks on affected systems. oval:org.secpod.oval:def:26531 The host is missing an important security update according to Microsoft security bulletin, MS15-103. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly sanitize specially crafted email. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:46097 The host is installed with Microsoft Exchange Server 2010, 2013 or 2016 and is prone to a remote security vulnerability. A flaw is present in the application, which fails to handle Outside In Filters component. Successful exploitation could allow attackers to exploit the vulnerability over HTTP prot ... oval:org.secpod.oval:def:46099 The host is installed with Microsoft Exchange Server 2010, 2013 or 2016 and is prone to a remote security vulnerability. A flaw is present in the application, which fails to handle Outside In Image Export SDK component. Successful exploitation could allow attackers to exploit the vulnerability over ... oval:org.secpod.oval:def:46098 The host is installed with Microsoft Exchange Server 2010, 2013 or 2016 and is prone to a remote security vulnerability. A flaw is present in the application, which fails to handle Outside In Filters component. Successful exploitation could allow attackers to exploit the vulnerability over HTTP prot ... oval:org.secpod.oval:def:32600 The host is installed with Exchange Server 2013, CU10, or 2016 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fail to properly handle web requests. An attacker who successfully exploited the vulnerabilities could perform script or content injection attacks and ... oval:org.secpod.oval:def:32598 The host is installed with Exchange Server 2013, CU10, CU11 or 2016 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fail to properly handle web requests. An attacker who successfully exploited the vulnerabilities could perform script or content injection attack ... oval:org.secpod.oval:def:32594 The host is missing an important security update according to Microsoft security bulletin, MS16-010. The update is required to fix multiple spoofing vulnerabilities. The flaws are present in the applications, which fail to properly handle web requests. An attacker who successfully exploited the vuln ... oval:org.secpod.oval:def:35603 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:35604 The host is installed with Microsoft Exchange Server 2013 or 2016 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:35601 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:35602 The host is missing an important security update according to Microsoft security bulletin, MS16-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:35599 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:37000 The host is installed with Microsoft Exchange Server 2007, 2010, 2013 or 2016 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly parse email messages. Successful exploitation could allow attackers to discover confidential user infor ... oval:org.secpod.oval:def:37004 The host is installed with Microsoft Exchange Server 2013 or 2016 and is prone to an open redirect vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted URL. Successful exploitation could allow attackers to trick the user and potentially acquire sens ... oval:org.secpod.oval:def:37003 The host is missing a critical security update according to Microsoft security bulletin, MS16-108. The update requires to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:40659 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafte ... oval:org.secpod.oval:def:40660 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a cr ... oval:org.secpod.oval:def:40663 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a cr ... oval:org.secpod.oval:def:40664 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafte ... oval:org.secpod.oval:def:40661 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a cr ... oval:org.secpod.oval:def:40662 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafte ... oval:org.secpod.oval:def:40665 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafte ... oval:org.secpod.oval:def:40666 The host is installed with Microsoft malware protection engine before 1.1.13804.0 for Microsoft Forefront Security for SharePoint, Windows Defender or Microsoft Security Essentials and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafte ... oval:org.secpod.oval:def:39302 The host is installed with Microsoft Exchange Server 2013 or 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a web request. Successful exploitation could allow attackers to perform script/content injection attacks, an ... oval:org.secpod.oval:def:39305 The host is missing an important security update according to Microsoft security bulletin, MS17-015. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a web request. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:41258 The host is installed with Microsoft Exchange Server 2010, 2013 or 2016 and is prone to an open redirect vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted URL. Successful exploitation could allow attackers to acquire sensitive information, such a ... oval:org.secpod.oval:def:41255 The host is missing a moderate severity security update KB4018588 oval:org.secpod.oval:def:41259 The host is installed with Microsoft Exchange Server 2013 or 2016 and is prone to an cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted email message containing a malicious link. Successful exploitation could allow attackers to perform ... oval:org.secpod.oval:def:41260 The host is installed with Microsoft Exchange Server 2013 or 2016 and is prone to an cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted email message containing a malicious link. Successful exploitation could allow attackers to perform ... oval:org.secpod.oval:def:41991 An input sanitization issue exists with Microsoft Exchange Server that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An atta ... oval:org.secpod.oval:def:42046 The host is missing an important security update KB4036108 oval:org.secpod.oval:def:44683 An information disclosure vulnerability exists in the way that Microsoft Exchange Server handles URL redirects. If an impacted user is using Microsoft Exchange Outlook Web Access (OWA) Light, the vulnerability could allow an attacker to discover sensitive information that should otherwise not be dis ... oval:org.secpod.oval:def:44684 An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into di ... oval:org.secpod.oval:def:44680 The host is missing an important security update KB4073392 oval:org.secpod.oval:def:45358 An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system. To exploit the vulnerability, an attacker would send a specially-cr ... oval:org.secpod.oval:def:45366 The host is missing an important security update KB4092041 oval:org.secpod.oval:def:45364 A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view ... oval:org.secpod.oval:def:57253 The host is missing an important security update for KB4509409. oval:org.secpod.oval:def:49119 The host is installed with Microsoft Exchange Server 2010, 2013, 2016 or 2019 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle authentication requests. Successful exploitation could allow attackers to impersonate any other use ... oval:org.secpod.oval:def:50066 The host is installed with Microsoft Exchange Server 2010, 2013 or 2016 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the PowerShell API. Successful exploitation could allow attackers to view additional details about the ... oval:org.secpod.oval:def:50068 The host is missing an important security update KB4471389 oval:org.secpod.oval:def:50611 The host is missing a security update for ADV190007 |
