Page 102 of 625 results (0.005 seconds)

CVSS: 2.6EPSS: 59%CPEs: 4EXPL: 3

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html http://secunia.com/advisories/12304 http://securitytracker.com/id?1010957 http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt http://www.osvdb.org/8978 https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. • http://marc.info/?l=bugtraq&m=110053968530613&w=2 http://secunia.com/advisories/13208 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html http://www.securityfocus.com/bid/11680 https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 •

CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 3

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 http://www.securityfocus.com/archive/1/348688 http://www.securityfocus.com/bid/9335 •

CVSS: 5.0EPSS: 93%CPEs: 2EXPL: 1

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." • https://www.exploit-db.com/exploits/719 http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html http://www.kb.cert.org/vuls/id/972415 http://www.us-cert.gov/cas/techalerts/TA05-012B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/18311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349 https://oval.cisecurity.org/repository/search/definition/oval%3A •

CVSS: 5.1EPSS: 81%CPEs: 5EXPL: 2

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE. • https://www.exploit-db.com/exploits/23766 http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/9761 https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 •