Page 127 of 840 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. • http://marc.info/?l=bugtraq&m=110271114525795&w=2 http://marc.info/?l=ntbugtraq&m=110271016129952&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18444 •

CVSS: 7.5EPSS: 96%CPEs: 3EXPL: 2

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24800 http://marc.info/?l=bugtraq&m=110253463305359&w=2 http://secunia.com/advisories/13404 http://secunia.com/advisories/29346 http://securitytracker.com/id?1012444 http://www.osvdb.org/12299 http://www.rapid7.com/advisories/R7-0032.jsp http://www.securityfocus.com/archive/1/489500/100/0/threaded http://www.securityfocus.com/bid/11826 http://www.securityfocus.com/bid/28208 http://www.vupen.com/english/advisories/2006/3212 ht • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •

CVSS: 10.0EPSS: 92%CPEs: 28EXPL: 1

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." • https://www.exploit-db.com/exploits/612 http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html http://marc.info/?l=bugtraq&m=109942758911846&w=2 http://secunia.com/advisories/12959 http://www.kb.cert.org/vuls/id/842160 http://www.securityfocus.com/archive/1/379261 http://www.securityfocus.com/bid/11515 http://www.us-cert.gov/cas/techalerts/TA04-315A.html http://www •

CVSS: 2.6EPSS: 88%CPEs: 3EXPL: 1

The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. • http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html http://secunia.com/advisories/13203 http://securityreason.com/securityalert/3220 http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php http://www.kb.cert.org/vuls/id/743974 http://www.securityfocus.com/bid/11686 https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 •