CVSS: 6.1EPSS: 0%CPEs: 140EXPL: 0CVE-2011-1587
https://notcve.org/view.php?id=CVE-2011-1587
27 Apr 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Vulnerabilidad de ejecución de ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 139EXPL: 1CVE-2011-1578
https://notcve.org/view.php?id=CVE-2011-1578
27 Apr 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. Ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de 1.16.3, cuando Internet Explorer 6 o versiones ant... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 96%CPEs: 22EXPL: 0CVE-2011-0094
https://notcve.org/view.php?id=CVE-2011-0094
13 Apr 2011 — Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." La vulnerabilidad de Uso de Memoria Previamente Liberada (Use-after-free) en Microsoft Internet Explorer versiones 6 y 7 permite a los atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se inicializó apropiadamente o (2) s... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 19%CPEs: 22EXPL: 0CVE-2011-1244
https://notcve.org/view.php?id=CVE-2011-1244
13 Apr 2011 — Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no realiza las restricciones de dominio pretendidas cuando se accede a los contenidos. Esto permite a atacantes remotos obtener información sensible o provocar ataques de clickjacking a través de un... • http://osvdb.org/71777 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 56%CPEs: 22EXPL: 0CVE-2011-1245
https://notcve.org/view.php?id=CVE-2011-1245
13 Apr 2011 — Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 no restringen adecuadamente el acceso al contenido desde (1) un dominio distinto o (2) zona diferente, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipu... • http://www.securityfocus.com/bid/47192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 83%CPEs: 40EXPL: 0CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Microsoft Internet Explorer 6, 7 y 8 no controlan correctamente los objetos en la memoria, lo que permite a atac... • http://osvdb.org/70832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 83%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elec... • http://osvdb.org/70831 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
07 Jan 2011 — Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la bibliotec... • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 97%CPEs: 2EXPL: 9CVE-2010-3971 – Microsoft Internet Explorer 8 - CSS Parser Denial of Service
https://notcve.org/view.php?id=CVE-2010-3971
22 Dec 2010 — Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación en la función CSharedStyleSheet::Notify en el parseado Cascading Style Sh... • https://www.exploit-db.com/exploits/15708 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 8%CPEs: 22EXPL: 0CVE-2010-3348
https://notcve.org/view.php?id=CVE-2010-3348
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •