CVSS: 6.1EPSS: 1%CPEs: 139EXPL: 1CVE-2011-1578
https://notcve.org/view.php?id=CVE-2011-1578
27 Apr 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. Ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de 1.16.3, cuando Internet Explorer 6 o versiones ant... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2009-2954
https://notcve.org/view.php?id=CVE-2009-2954
24 Aug 2009 — Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. Microsoft Internet Explorer v6.0.2900.2180 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o cuelgue de aplicación) a través de código JavaScript con un valor de cadena larga para la propiedad "hash... • http://websecurity.com.ua/3424 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 127EXPL: 1CVE-2009-2576
https://notcve.org/view.php?id=CVE-2009-2576
22 Jul 2009 — Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga... • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 2CVE-2009-2536
https://notcve.org/view.php?id=CVE-2009-2536
20 Jul 2009 — Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Microsoft Internet Explorer v5 hasta v8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-200... • http://www.exploit-db.com/exploits/9160 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 94EXPL: 0CVE-2009-2069
https://notcve.org/view.php?id=CVE-2009-2069
15 Jun 2009 — Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. Microsoft Internet Explorer anterior a 8 muestra un certificado cacheado para una página de respuesta CONEXIÓN (1) 4xx o (2) 5xx ... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2009-2064
https://notcve.org/view.php?id=CVE-2009-2064
15 Jun 2009 — Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Microsoft Internet Explorer 8, y posiblemente otras versiones, detecta contenido http en páginas web https... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 7.4EPSS: 0%CPEs: 94EXPL: 1CVE-2009-2057
https://notcve.org/view.php?id=CVE-2009-2057
15 Jun 2009 — Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Microsoft Internet Explorer anteriores a v8 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor ... • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 80%CPEs: 1EXPL: 0CVE-2007-5456
https://notcve.org/view.php?id=CVE-2007-5456
14 Oct 2007 — Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege ... • http://securityreason.com/securityalert/3222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 9%CPEs: 43EXPL: 11CVE-2007-1765 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-1765
30 Mar 2007 — Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad n... • https://www.exploit-db.com/exploits/3684 •
CVSS: 6.5EPSS: 20%CPEs: 13EXPL: 1CVE-2006-7031 – Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service
https://notcve.org/view.php?id=CVE-2006-7031
23 Feb 2007 — Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. Microsoft Internet Explorer 6.0.2900 SP2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un elemento tabla con un atributo CSS que fija la posición, lo cual dispara una "excepción no manejada" en mshtml.dll. • https://www.exploit-db.com/exploits/1775 •