CVE-2011-1587
https://notcve.org/view.php?id=CVE-2011-1587
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de v1.16.4, cuando se utiliza Internet Explorer v6 o versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un archivo cargado; accediendo con una extensión peligrosa como .html que se encuentra antes de un ? • http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html http://openwall.com/lists/oss-security/2011/04/18/5 http://www.debian.org/security/2011/dsa-2366 https://bugzilla.redhat.com/show_bug.cgi?id=696360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4073
https://notcve.org/view.php?id=CVE-2009-4073
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. La funcionalidad de impresión en Microsoft Internet Explorer 8 permite a atacantes remotos descubrir un nombre de archivo y probablemente descubrir un usuario local, por la lectura del dc: pequeño elemento de un documento PDF que fue generado desde una página web local. • http://osvdb.org/60504 http://secunia.com/advisories/37362 http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths http://www.securityfocus.com/archive/1/508010/100/0/threaded http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-2954
https://notcve.org/view.php?id=CVE-2009-2954
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. Microsoft Internet Explorer v6.0.2900.2180 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o cuelgue de aplicación) a través de código JavaScript con un valor de cadena larga para la propiedad "hash" (también conocida como location.hash). Cuestión relacionada con el CVE-2008-5715. • http://websecurity.com.ua/3424 http://www.securityfocus.com/archive/1/506006/100/0/threaded • CWE-20: Improper Input Validation •
CVE-2009-2576
https://notcve.org/view.php?id=CVE-2009-2576
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded http://www.securityfocus.com/archive/1/505120/100/0/threaded http://www.securityfocus.com/archive/1/505122/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2009-2536
https://notcve.org/view.php?id=CVE-2009-2536
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Microsoft Internet Explorer v5 hasta v8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/52870 • CWE-399: Resource Management Errors •