SECURITY FOCUS ONLINE bietet eine zentrale und übersichtliche Quelle für Verwundbarkeitsstellen (Vulnerabilty) in gängigen Softwareprodukten, u.a. auch Centrinity's FirstClass Server und der Microsoft Exchange/Outlook Palette.
Eine aktuelle Recherche führte zu unten angehängtem Ergebnis. Die Security Focus Online Datenbank liefert zum FirstClass Server exakt 2 Anfälligkeiten (Anmerkung: FirstClass ist einige Jahre länger am Markt als die vergleichbaren MS Produkte):
2001-02-21: Centrinity FirstClass Local User Mail Spoofing Vulnerability
2000-06-27: Centrinity FirstClass Intranet Server Long Header Denial of Service Vulnerability
Die Recherche zu Exchange/Outlook/IIS returnierte folgende vergleichbar gewaltige Liste (198 Einträge):
2002-03-28: Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
2002-02-27: Microsoft SMTP Service Malformed Command Denial of Service Vulnerability
2002-02-07: Microsoft Exchange Inappropriate Registry Permissions Vulnerability
2001-09-26: Microsoft Exchange OWA Server Resource Starvation Vulnerability
2001-08-15: Microsoft Windows NNTP Denial of Service Vulnerability
2001-07-26: Microsoft Remote Procedure Call Service DoS Vulnerability
2001-06-06: Microsoft Exchange OWA Embedded Script Execution Vulnerability
2001-03-01: Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
2000-11-16: Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
2002-03-28: Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
2002-02-27: Microsoft Windows SMTP Service Authorization Bypass Vulnerability
2001-12-06: Microsoft OWA Server Embedded Script Execution Vulnerability
2001-09-06: Microsoft Exchange OWA Global Address List Disclosure Vulnerability
2001-08-22: Microsoft Outlook Web Access Denial of Service Vulnerability
2001-07-26: Microsoft Remote Procedure Call Service DoS Vulnerability
2001-07-16: Microsoft Exchange 5.5 LDAP Denial of Service Vulnerabilities
2001-06-06: Microsoft Exchange OWA Embedded Script Execution Vulnerability
2000-10-31: Microsoft Exchange Server Invalid MIME Header charset = "" DoS Vulnerability
2000-06-05: Microsoft Outlook / Exchange Blank Headers DoS Vulnerability
1999-08-06: NT Exchange Server Encapsulated SMTP Address Vulnerability
1999-02-15: Microsoft Exchange Server Empty MIME Boundary DoS
1998-07-24: Microsoft Exchange Server AUTH / XAUTH / AUTHINFO DoS Vulnerabilities
1998-06-26: Multiple Vendor PKCS#1 Vulnerability
2002-04-18: Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability
2002-04-16: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
2002-04-10: Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
2002-04-10: Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
2002-04-10: Microsoft IIS ASP Server-Side Include Buffer Overflow Vulnerability
2002-04-10: Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability
2002-04-10: Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
2002-04-10: Microsoft IIS Help File Search Cross Site Scripting Vulnerability
2002-04-10: Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
2002-04-10: Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
2002-04-10: Microsoft IIS HTTP Redirect Cross Site Scripting Vulnerability
2002-04-10: Microsoft IIS Chunked Encoding Heap Overflow Variant Vulnerability
2002-03-05: Microsoft IIS Authentication Method Disclosure Vulnerability
2002-02-19: Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability
2002-02-12: Microsoft IIS 5.1 Frontpage Server Extensions File Source Disclosure Vulnerability
2002-02-11: Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerability
2002-01-31: Microsoft MSDTC Service Denial of Service Vulnerability
2002-01-16: Multiple Vendor Unprivileged User Permissions Log File Modification Vulnerability
2001-12-11: Microsoft IIS False Content-Length Field DoS Vulnerability
2001-08-16: Microsoft IIS 4.0 URL Redirection DoS Vulnerability
2001-08-15: Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability
2001-08-15: Microsoft IIS 5.0 In-Process Table Privelege Elevation Vulnerability
2001-08-15: Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
2001-08-15: Microsoft IIS MIME Header Denial of Service Vulnerability
2001-08-08: MS IIS Internal IP Address/Internal Network Name Disclosure Vulnerability
2001-07-04: Microsoft IIS Device File Local DoS Vulnerability
2001-07-04: Microsoft IIS Device File Remote DoS Vulnerability
2001-06-21: Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability
2001-05-17: IIS WebDav Lock Method Memory Leak DoS Vulnerability
2001-05-15: MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
2001-05-14: Microsoft IIS Various Domain User Account Access Vulnerability
2001-05-06: Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability
2001-05-01: Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
2001-03-16: Microsoft IIS WebDAV 'Search' Denial of Service Vulnerability
2001-03-08: Microsoft IIS WebDAV Denial of Service Vulnerability
2001-03-01: Microsoft IIS Multiple Invalid URL Request DoS Vulnerability
2001-03-01: Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
2001-01-29: Microsoft IIS File Fragment Disclosure Vulnerability
2000-12-22: Microsoft IIS Front Page Server Extension DoS Vulnerability
2000-11-06: Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability
2000-11-06: Microsoft IIS Executable File Parsing Vulnerability
2000-10-23: Microsoft IIS 4.0/5.0 Session ID Cookie Disclosure Vulnerability
2000-10-17: Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
2000-10-04: Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability
2000-09-05: Microsoft NT 4.0 and IIS 4.0 Invalid URL Request DoS Vulnerability
2000-08-21: Microsoft FrontPage/IIS Cross Site Scripting shtml.dll Vulnerability
2000-08-21: Microsoft IIS Cross Site Scripting .shtml Vulnerability
2000-08-14: Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability
2000-08-10: Microsoft IIS 4.0/5.0 File Permission Canonicalization Vulnerability
2000-07-17: Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
2000-07-14: Microsoft IIS 3.0 .htr Missing Variable Denial of Service Vulnerability
2000-07-13: Microsoft IIS Internal IP Address Disclosure Vulnerability
2000-05-14: Microsoft IIS FTP Denial of Service Vulnerability
2000-05-11: Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
2000-05-11: Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability
2000-05-10: Microsoft IIS 4.0/5.0 Malformed .htr Request Vulnerability
2000-05-06: Microsoft Frontpage Server Extensions Path Disclosure Vulnerability
2000-04-12: Microsoft IIS 4.0/5.0 Escaped Characters Vulnerability
2000-03-30: Microsoft IIS UNC Mapped Virtual Host Vulnerability
2000-03-20: Microsoft IIS 4.0 Chunked Transfer Encoding Buffer Overflow Vulnerability
2000-03-08: Microsoft IIS UNC Path Disclosure Vulnerability
2000-02-15: Microsoft IIS 4.0 Pickup Directory DoS Vulnerability
2000-02-09: NT IIS ASP VBScript Runtime Error Viewable Source Vulnerability
2000-02-02: NT IIS idq.dll Directory Traversal Vulnerability
1999-12-21: Microsoft IIS Virtual Directory Naming Vulnerability
1999-12-21: Microsoft IIS Escape Character Parsing Vulnerability
1999-12-02: IIS / Site Server Multithread SSL Vulnerability
1999-09-23: Microsoft IIS 4.0 Domain Resolution Vulnerability
1999-09-23: Microsoft IIS FTP NO ACCESS Read/Delete File Vulnerability
1999-08-16: Microsoft IIS And PWS 8.3 Directory Name Vulnerability
1999-08-11: NT IIS Malformed HTTP Request Header DoS Vulnerability
1999-07-19: NT IIS MDAC RDS Vulnerability
1999-07-07: NT IIS SSL DoS Vulnerability
1999-07-06: Sun Java HotSpot DoS Vulnerability
1999-06-24: NT IIS Double Byte Code Page Vulnerability
1999-06-15: NT IIS4 Buffer Overflow Vulnerability
1999-05-25: Microsoft JET Database Engine VBA Vulnerability
1999-05-07: NT IIS Showcode ASP Vulnerability
1999-03-08: NT IIS ISAPI GetExtensionVersion() Vulnerability
1999-02-28: Microsoft IIS '../..' Denial of Service Vulnerability
1999-02-11: NT Using ASP And FSO To Read Server Files Vulnerability
1999-01-27: NT IIS4 Shared ASP Cache Vulnerability
1999-01-26: NT IIS4 DoS - ExAir Sample Site Vulnerability
1999-01-26: NT IIS IISAPI Extension Enumerate Root Web Server Directory Vulnerability
1999-01-24: NT IIS FTP DoS / Buffer Overflow Vulnerability
1999-01-22: NT IIS4 Log Avoidance Vulnerability
1999-01-18: Microsoft VisualInterDev 6.0 - IIS4 - Mgmt with no authentication Vulnerability
1999-01-14: NT IIS4 Remote Web-Based Administration Vulnerability
1999-01-14: IIS 4.0 fpcount.exe Buffer Overflow Vulnerability
1998-12-25: Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
1998-07-01: NT IIS ASP Alternate Data Streams Vulnerability
1998-06-26: Multiple Vendor PKCS#1 Vulnerability
1998-02-09: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack
1997-09-25: Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability
1997-06-21: Microsoft IIS Long URL Denial of Service Vulnerability
1997-03-19: Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability
1997-02-20: Microsoft IIS Appended Dot Script Source Disclosure Vulnerability
1996-03-01: Multiple Vendor .BAT/.CMD Remote Command Execution Vulnerability
2002-04-08: Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
2002-03-31: Microsoft Outlook HTML Mail Script Execution Vulnerability
2002-03-28: Microsoft Temporary Internet File Execution Vulnerability
2002-03-21: Microsoft Outlook IFrame Embedded URL Vulnerability
2002-03-21: Microsoft Outlook Javascript Execution Vulnerability
2002-03-21: Microsoft Outlook Disabled Cookies Setting Bypass Vulnerability
2001-07-12: Microsoft Outlook Unauthorized Email Access Vulnerability
2001-07-12: Microsoft Outlook Arbitrary Code Execution Vulnerability
2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
2001-02-22: Microsoft Outlook vcard Buffer Overflow Vulnerability
2001-01-17: Microsoft Outlook Concealed Attachment Vulnerability
2001-01-15: Microsoft MSHTML.DLL Crash Vulnerability
2000-08-31: Microsoft Outlook Vcard DoS Vulnerability
2000-08-24: Microsoft Outlook Rich Text Format Information Disclosure Vulnerability
2000-07-20: Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
2000-07-18: Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-05-11: Microsoft Office 2000 UA Control Vulnerability
2000-02-19: Microsoft Signed ActiveX Active Setup Vulnerability
1999-11-08: Microsoft ActiveX CAB File Execution Vulnerability
2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
2000-08-24: Microsoft Outlook Rich Text Format Information Disclosure Vulnerability
2000-07-20: Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
2000-07-18: Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-06-05: Microsoft Outlook / Exchange Blank Headers DoS Vulnerability
2001-07-12: Microsoft Outlook Unauthorized Email Access Vulnerability
2001-07-12: Microsoft Outlook Arbitrary Code Execution Vulnerability
2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
2001-02-22: Microsoft Outlook vcard Buffer Overflow Vulnerability
2001-01-17: Microsoft Outlook Concealed Attachment Vulnerability
2000-08-31: Microsoft Outlook Vcard DoS Vulnerability
2000-08-24: Microsoft Outlook Rich Text Format Information Disclosure Vulnerability
2000-07-20: Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
2000-07-18: Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-05-12: Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
2000-02-19: Microsoft Signed ActiveX Active Setup Vulnerability
1999-11-08: Microsoft ActiveX CAB File Execution Vulnerability
1999-11-04: Microsoft IE window.open Redirect Vulnerability
1999-01-27: Auto-execution Of VBA code Vulnerability
1999-01-21: Microsoft IE4 Clipboard Paste Vulnerability
1998-07-03: Multiple Vendor Buffer Overflow in MIME-aware Mail and News Clients Vulnerability
2002-05-01: Microsoft Internet Explorer/Outlook Express XBM Handling DoS Vulnerability
2002-04-24: Microsoft Outlook Express DOS Device Denial of Service Vulnerability
2002-04-08: Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
2002-03-28: Microsoft Temporary Internet File Execution Vulnerability
2002-03-21: Microsoft Outlook IFrame Embedded URL Vulnerability
2002-03-21: Microsoft Outlook Javascript Execution Vulnerability
2002-03-21: Microsoft Outlook Disabled Cookies Setting Bypass Vulnerability
2002-02-13: Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability
2001-09-12: Microsoft Outlook Express 6 Plain Text Message Script Execution Vulnerability
2001-08-30: Outlook Express 6 Attachment Security Bypass Vulnerability
2001-08-14: Multiple Vendor HTML Form Protocol Vulnerability
2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
2001-04-20: Microsoft IE and OE XML Stylesheets Active Scripting Vulnerability
2001-02-22: Microsoft Outlook vcard Buffer Overflow Vulnerability
2001-01-17: Microsoft Outlook Concealed Attachment Vulnerability
2001-01-15: Microsoft MSHTML.DLL Crash Vulnerability
2000-07-20: Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
2000-07-20: Microsoft Outlook Express Persistent Mail-Browser Link Vulnerability
2000-07-18: Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-05-12: Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
2000-02-19: Microsoft Signed ActiveX Active Setup Vulnerability
2000-02-01: MS Outlook Express 5 Javascript Email Access Vulnerability
1999-11-08: Microsoft ActiveX CAB File Execution Vulnerability
1999-08-27: Microsoft HTML Form Control DoS Vulnerability
1999-05-11: Outlook Express POP Denial of Service Vulnerability
1998-07-03: Multiple Vendor Buffer Overflow in MIME-aware Mail and News Clients Vulnerability
2002-04-16: Multiple Microsoft Products for MacOS File URL Buffer Overflow Vulnerability
2001-12-03: Microsoft Outlook Express for Macintosh Buffer Overflow Vulnerability
2001-08-14: Multiple Vendor HTML Form Protocol Vulnerability
2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
1999-12-22: Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability
1999-11-12: Microsoft Outlook Express For Mac Download Vulnerability
1999-06-15: Microsoft Outlook Express for MacOS "Change Current User" Vulnerability
|