Page 125 of 840 results (0.012 seconds)

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2

Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. • http://www.securityfocus.com/archive/1/358043 http://www.securityfocus.com/bid/9924 https://exchange.xforce.ibmcloud.com/vulnerabilities/15544 •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. • http://marc.info/?l=bugtraq&m=108422549617947&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16112 •

CVSS: 2.6EPSS: 59%CPEs: 4EXPL: 3

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html http://secunia.com/advisories/12304 http://securitytracker.com/id?1010957 http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt http://www.osvdb.org/8978 https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. • http://marc.info/?l=bugtraq&m=110053968530613&w=2 http://secunia.com/advisories/13208 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html http://www.securityfocus.com/bid/11680 https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 •

CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 3

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 http://www.securityfocus.com/archive/1/348688 http://www.securityfocus.com/bid/9335 •