CVSS: 6.4EPSS: 55%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 26%CPEs: 2EXPL: 2CVE-2002-1705 – Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
https://notcve.org/view.php?id=CVE-2002-1705
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. • https://www.exploit-db.com/exploits/21556 http://online.securityfocus.com/archive/1/277133 http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2 http://www.securityfocus.com/bid/5027 https://exchange.xforce.ibmcloud.com/vulnerabilities/9367 •
CVSS: 4.3EPSS: 94%CPEs: 4EXPL: 4CVE-2002-2062 – Microsoft Internet Explorer 5/6 - FTP Web View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2062
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. • https://www.exploit-db.com/exploits/21515 http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html http://www.iss.net/security_center/static/9290.php http://www.securityfocus.com/bid/4954 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1824
https://notcve.org/view.php?id=CVE-2002-1824
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. • http://online.securityfocus.com/archive/1/292842 http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/bid/5778 •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2002-2125
https://notcve.org/view.php?id=CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. • http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/archive/1/292842 http://www.securityfocus.com/bid/5778 •