Page 155 of 1318 results (0.036 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2

CVE-2010-2091 – Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure

https://notcve.org/view.php?id=CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. Microsoft Outlook Web Access (OWA) v8.2.254.0, cuando se usa Internet Explorer 7 sobre Windows Server 2003, no maneja adecuadamente el parámetro "id" en la acción "Folder IPF.Note" a la URI por defecto, lo que podría permitir a atacantes remotos obtener información sensible o llevar a cabo ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de un valor no válido. • https://www.exploit-db.com/exploits/12728 http://www.exploit-db.com/exploits/12728 http://www.securityfocus.com/archive/1/511401/100/0/threaded http://www.securityfocus.com/archive/1/511416/100/0/threaded http://www.securityfocus.com/archive/1/511448/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/58835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1

CVE-2010-1991

https://notcve.org/view.php?id=CVE-2010-1991

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegación del servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con varios elementos IFRAME • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2

CVE-2010-1489

https://notcve.org/view.php?id=CVE-2010-1489

The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. El XSS Filter en Microsoft Internet Explorer 8 no realiza adecuadamente la neutralización para la etiqueta SCRIPT, lo que permite a atacantes remotos llevar a cabo ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) contra sitios web que no tiene vulnerabilidades XSS inherentes. Vulnerabilidad distinta del CVE-2009-4074. • http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xss-filter.aspx http://p42.us/ie8xss http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 68%CPEs: 26EXPL: 0

CVE-2010-0267

https://notcve.org/view.php?id=CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39023 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 11%CPEs: 27EXPL: 0

CVE-2010-0488

https://notcve.org/view.php?id=CVE-2010-0488

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin Policy) y obtener información sensible mediante un sitio web manipulado, también conocido como "Post Encoding Information Disclosure Vulnerability." • http://jvn.jp/en/jp/JVN49467403/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39028 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •