CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2002-0242
https://notcve.org/view.php?id=CVE-2002-0242
03 May 2002 — Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. Vulnerabilidad de secuencias de comandos en sitios cruzados en Internet Explorer 6 y anteriores permite que atacante remotos ejecuten código arbitrario por medio de un formulario HTML extendido, cuya salida del servidor remoto no se ha aclarado adecuadamente. • http://marc.info/?l=bugtraq&m=101309907709138&w=2 •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2002-0269
https://notcve.org/view.php?id=CVE-2002-0269
03 May 2002 — Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. uno dos tres • http://marc.info/?l=bugtraq&m=101363764421623&w=2 •
CVSS: 7.5EPSS: 22%CPEs: 6EXPL: 0CVE-2002-0078
https://notcve.org/view.php?id=CVE-2002-0078
29 Mar 2002 — The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. La determinación de zona en Microsoft Internet Explorer 5.5 y 6.0 permite a atacantes remotos ejecutar scripts en la zona 'Ordenador Local' incrustando el script en una cookie. • http://marc.info/?l=bugtraq&m=101781180528301&w=2 •
CVSS: 7.5EPSS: 22%CPEs: 7EXPL: 0CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
08 Mar 2002 — Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 •
CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 0CVE-2002-0077
https://notcve.org/view.php?id=CVE-2002-0077
13 Jan 2002 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 trata objetos invocados en una página HTML con la propiedad 'codebase' como parte de la zona 'Ordenador Local', lo que permite a ataca... • http://marc.info/?l=bugtraq&m=101103188711920&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2001-1497
https://notcve.org/view.php?id=CVE-2001-1497
31 Dec 2001 — Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. • http://www.iss.net/security_center/static/7592.php •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2001-0667
https://notcve.org/view.php?id=CVE-2001-0667
30 Oct 2001 — Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. • http://www.ciac.org/ciac/bulletins/m-024.shtml • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 9%CPEs: 3EXPL: 1CVE-2001-0712
https://notcve.org/view.php?id=CVE-2001-0712
12 Oct 2001 — The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. • http://www.securityfocus.com/archive/1/200109 •
CVSS: 5.9EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0338
https://notcve.org/view.php?id=CVE-2001-0338
27 Jun 2001 — Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2001-0339
https://notcve.org/view.php?id=CVE-2001-0339
27 Jun 2001 — Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml •