Page 30 of 258 results (0.005 seconds)

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2004-1922

https://notcve.org/view.php?id=CVE-2004-1922

Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. • http://marc.info/?l=bugtraq&m=108183130827872&w=2 •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1

CVE-2003-0513

https://notcve.org/view.php?id=CVE-2003-0513

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Microsoft Internet Explorer permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Internet Explorer envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html •

CVSS: 5.0EPSS: 4%CPEs: 10EXPL: 3

CVE-2004-2090 – Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration

https://notcve.org/view.php?id=CVE-2004-2090

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. • https://www.exploit-db.com/exploits/23668 http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html http://secunia.com/advisories/10820 http://www.securityfocus.com/bid/9611 https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

CVE-2003-0814

https://notcve.org/view.php?id=CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el ""href"" al Javascript malicioso y a continuación llamando al comando execCommand(""Refresh""). También se la conoce como vulnerabilidad ""ExecCommand Cross Domain"" o BodyRefreshLoadsJPU . • http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html http://www.kb.cert.org/vuls/id/326412 http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm http://www.securityfocus.com/archive/1/337086 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335 https:&#x •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2003-0815

https://notcve.org/view.php?id=CVE-2003-0815

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad y lean ficheros arbitrario mediante (1) modificando el método createTextRange y usando CreateLink, como se demuestra usando LinkillerSaveRef, LinkillerJPU, yLinkiller. Y (2) modificando el método createRange y usando el diálogo FIND para seleccionar texto, como se demuestra usando Findeath. También se la conoce como vulnerabilidad ""Function Pointer Override Cross Domain"". • http://marc.info/?l=bugtraq&m=106321757619047&w=2 http://marc.info/?l=bugtraq&m=106322542104656&w=2 http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.ciac.org/ciac/bulletins/o-021.shtml http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html http://www.osvdb.org/7888 http://www.osvdb.org/7889 http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU •