Page 13 of 132 results (0.009 seconds)

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1

CVE-2003-0513

https://notcve.org/view.php?id=CVE-2003-0513

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Microsoft Internet Explorer permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Internet Explorer envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html •

CVSS: 5.0EPSS: 4%CPEs: 10EXPL: 3

CVE-2004-2090 – Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration

https://notcve.org/view.php?id=CVE-2004-2090

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. • https://www.exploit-db.com/exploits/23668 http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html http://secunia.com/advisories/10820 http://www.securityfocus.com/bid/9611 https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

CVE-2003-0814

https://notcve.org/view.php?id=CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el ""href"" al Javascript malicioso y a continuación llamando al comando execCommand(""Refresh""). También se la conoce como vulnerabilidad ""ExecCommand Cross Domain"" o BodyRefreshLoadsJPU . • http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html http://www.kb.cert.org/vuls/id/326412 http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm http://www.securityfocus.com/archive/1/337086 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335 https:&#x •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2003-0815

https://notcve.org/view.php?id=CVE-2003-0815

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el método createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el método createRange y usando el diálogo FIND para seleccionar texto, como se demuestra usando Findeath. También se la conoce como vulnerabilidad ""Function Pointer Override Cross Domain"". • http://marc.info/?l=bugtraq&m=106321757619047&w=2 http://marc.info/?l=bugtraq&m=106322542104656&w=2 http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.ciac.org/ciac/bulletins/o-021.shtml http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html http://www.osvdb.org/7888 http://www.osvdb.org/7889 http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

CVE-2003-0817

https://notcve.org/view.php?id=CVE-2003-0817

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML. • http://secunia.com/advisories/10192 http://www.securityfocus.com/bid/9012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •