Page 18 of 134 results (0.018 seconds)

CVSS: 6.4EPSS: 55%CPEs: 9EXPL: 1

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1

Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object. • http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2 http://www.securityfocus.com/archive/1/250248 http://www.securityfocus.com/bid/3862 https://exchange.xforce.ibmcloud.com/vulnerabilities/7906 •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 4

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. • https://www.exploit-db.com/exploits/21198 https://www.exploit-db.com/exploits/21199 http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html http://www.iss.net/security_center/static/7784.php http://www.securityfocus.com/bid/3779 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 1

Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". • http://seclists.org/bugtraq/2002/Jun/0303.html http://www.securityfocus.com/bid/5094 •

CVSS: 5.0EPSS: 16%CPEs: 6EXPL: 1

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. • https://www.exploit-db.com/exploits/21404 http://online.securityfocus.com/archive/1/268776 http://www.securityfocus.com/bid/4564 https://exchange.xforce.ibmcloud.com/vulnerabilities/8904 •