Page 14 of 134 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el ""href"" al Javascript malicioso y a continuación llamando al comando execCommand(""Refresh""). También se la conoce como vulnerabilidad ""ExecCommand Cross Domain"" o BodyRefreshLoadsJPU . • http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html http://www.kb.cert.org/vuls/id/326412 http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm http://www.securityfocus.com/archive/1/337086 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335 https:&#x •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el método createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el método createRange y usando el diálogo FIND para seleccionar texto, como se demuestra usando Findeath. También se la conoce como vulnerabilidad ""Function Pointer Override Cross Domain"". • http://marc.info/?l=bugtraq&m=106321757619047&w=2 http://marc.info/?l=bugtraq&m=106322542104656&w=2 http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.ciac.org/ciac/bulletins/o-021.shtml http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html http://www.osvdb.org/7888 http://www.osvdb.org/7889 http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML. • http://secunia.com/advisories/10192 http://www.securityfocus.com/bid/9012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 0

Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del ratón a otras ventenas, mediante llamada al método window.moveBy. También se la conoce como vulnerabilidad HijackClick • http://marc.info/?l=bugtraq&m=106322197932006&w=2 http://secunia.com/advisories/10192 http://www.kb.cert.org/vuls/id/413886 http://www.securityfocus.com/archive/1/337086 http://www.securitytracker.com/id?1006036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369 https://ova •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. La función de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de caché mediante una respuesta HTTP con un ContentType inválido y un fichero .html, lo que podría permitir a atacantes remotos saltarse mecanismos de seguridad que se basan en nombres aleatorios, como se demostró por threadid10008. • http://marc.info/?l=bugtraq&m=106979428718705&w=2 http://marc.info/?l=bugtraq&m=106979624321665&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.osvdb.org/7890 http://www.safecenter.net/UMBRELLAWEBV4/threadid10008 https://exchange.xforce.ibmcloud.com/vulnerabilities/13847 •