Page 110 of 625 results (0.008 seconds)

CVSS: 4.3EPSS: 97%CPEs: 1EXPL: 4

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." Internet Explorer 6 y posiblemente otras versiones, permite a atacantes remotos suplantar el dominio de una URL mediante un carácter "%01" antes de un carácter "@" (arroba) en la porción usario@dominio de la URL, lo que esconde el resto de la URL, incluyendo el sitio real, en la barra de direcciones. • https://www.exploit-db.com/exploits/23422 https://www.exploit-db.com/exploits/23423 https://www.exploit-db.com/exploits/23465 http://www.kb.cert.org/vuls/id/652278 http://www.securityfocus.com/archive/1/346948 http://www.us-cert.gov/cas/techalerts/TA04-033A.html http://www.zapthedingbat.com/security/ex01/vun1.htm https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13935 https://oval.cisecu • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 3%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/3989 http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html http://www.securityfocus.com/archive/1/348360 http://www.securityfocus.com/archive/1/348574 http://www.securityfocus.com/bid/9295 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 6%CPEs: 1EXPL: 4

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. • https://www.exploit-db.com/exploits/23273 http://securityreason.com/securityalert/3295 http://www.securityfocus.com/archive/1/342010 http://www.securityfocus.com/bid/8874 https://exchange.xforce.ibmcloud.com/vulnerabilities/13809 •

CVSS: 2.6EPSS: 1%CPEs: 4EXPL: 0

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 •

CVSS: 7.5EPSS: 94%CPEs: 9EXPL: 2

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas "object" devueltas por un servidor Web durante un una asociación de datos XML, lo que permite a atacantes remotos ejecutar código arbitrario mediante un correo electrónico HTML o una página web. • https://www.exploit-db.com/exploits/23122 http://www.osvdb.org/7887 http://www.securityfocus.com/bid/8565 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 •