Page 17 of 132 results (0.015 seconds)

CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 1

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. Desbordamiento de búfer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera. • https://www.exploit-db.com/exploits/22530 http://marc.info/?l=bugtraq&m=105138417416900&w=2 http://marc.info/?l=bugtraq&m=105718285107246&w=2 http://www.kb.cert.org/vuls/id/169753 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 •

CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 1

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." La función showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (añadibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar código arbitrario. También conocida como "Validación de Seguridad entre dominios con funcionalidad showHelp" • https://www.exploit-db.com/exploits/22226 http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11259.php http://www.kb.cert.org/vuls/id/400577 http://www.securityfocus.com/bid/6780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de díálogo. También conocida como "Validacíon de Seguridad Entre Dominios inapropiada con cuadro de diálogo". • http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11258.php http://www.securityfocus.com/bid/6779 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 •

CVSS: 6.4EPSS: 55%CPEs: 9EXPL: 1

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1

Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object. • http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2 http://www.securityfocus.com/archive/1/250248 http://www.securityfocus.com/bid/3862 https://exchange.xforce.ibmcloud.com/vulnerabilities/7906 •