8 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el interfaz de gestión en Canon Network Camera Server VB100 y VB101 con software empotrado (firmware)3.0 R69 y anteriores, y VB150 con software empotrado (firmware)1.1 R39 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://cweb.canon.jp/drv-upd/webview/notification.html http://jvn.jp/jp/JVN%2306735665 http://osvdb.org/35019 http://secunia.com/advisories/24940 http://www.securityfocus.com/bid/23560 http://www.vupen.com/english/advisories/2007/1461 •

CVSS: 5.0EPSS: 18%CPEs: 41EXPL: 3

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer permite a atacantes remotos provocar denegación de servicio (caida) a través de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula. • https://www.exploit-db.com/exploits/28343 http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html http://www.securityfocus.com/bid/19364 http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 •

CVSS: 5.0EPSS: 87%CPEs: 21EXPL: 3

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Vulnerabilidad en el navegador web Internet Explorer v6 de Microsoft que permite a atacantes remotos causar una denegación de servicio (indisponibilidad de la aplicación) asignando a la propiedad "Filter" (filtro) de un objeto ActiveX ADODB.Recordset ciertos valores varias veces, lo que dispara un de-referenciación de un dirección (o puntero) nula. • https://www.exploit-db.com/exploits/28145 http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html http://www.osvdb.org/26834 http://www.securityfocus.com/bid/18773 https://exchange.xforce.ibmcloud.com/vulnerabilities/27596 •

CVSS: 4.0EPSS: 89%CPEs: 11EXPL: 0

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html http://secunia.com/advisories/20449 http://securityreason.com/securityalert/1059 http://www.securityfocus.com/bid/18308 http://www.vupen.com/english/advisories/2006/2161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.6EPSS: 94%CPEs: 9EXPL: 1

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securityreason.com/securityalert/670 http://securitytracker.com/id?1015899 http://www.securityfocus.com/bid/17460 http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336 https://oval.ci • CWE-20: Improper Input Validation •