CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug http://www.osvdb.org/28614 •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijación de sesión y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versión 2.X también se encuentra afectada por esta vulnerabilidad. • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://secunia.com/advisories/12580 http://securitytracker.com/id?1011331 http://www.securityfocus.com/bid/11186 https://bugzilla.mozilla.org/show_bug.cgi?id=252342 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://securitytracker.com/id?1011332 http://www.securityfocus.com/bid/11186 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 •
CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 2CVE-2003-1275 – Microsoft Pocket Internet Explorer 3.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2003-1275
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. • https://www.exploit-db.com/exploits/22119 http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html http://www.iss.net/security_center/static/11004.php http://www.securityfocus.com/bid/6507 •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 1CVE-2002-0153 – Apple Mac OS Internet Explorer 3/4/5 - File Execution
https://notcve.org/view.php?id=CVE-2002-0153
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. Internet Explorer 5.1 para Macintosh permite a atacantes remotos evadir comprobaciones de seguridad e invocar AppleScripts locales dentro de un elemento HTML específico. Tambien conocido como vulnerabilidad de "Invocación local de AppleScript" • https://www.exploit-db.com/exploits/21238 http://www.iss.net/security_center/static/8851.php http://www.osvdb.org/5356 http://www.securityfocus.com/archive/1/251805 http://www.securityfocus.com/bid/3935 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/7969 •