Page 31 of 625 results (0.042 seconds)

CVSS: 4.3EPSS: 54%CPEs: 3EXPL: 0

Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no retringe correctamente el acceso de datos por VBScript, lo que permite a atacantes remotos llevar a cabo lectura de dominios cruzados ("cross-domain") de ficheros JSON mediante un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de revelación de información de un array JSON" • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 93%CPEs: 5EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer del 6 al 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que genera el acceso a un objeto borrado. aka "Internet Explorer Use After Free Vulnerability", vulnerabilidad distinta de CVE-2013-1303 y CVE-2013-1304. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a VML textbox. When a dynamic style is defined, it can remove the textbox resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16621 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products v8.51, v8.52, y v8.53 que permite a atacantes remotos afectar la integridad a través de vectores relacionados con el PIA Core Technology y el uso de Internet Explorer 6. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •

CVSS: 9.3EPSS: 92%CPEs: 5EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338. Vulnerabilidad después de liberación en Microsoft Internet Explorer 6 hasta 10 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer uso después de liberación", una vulnerabilidad diferente a CVE-2013-1304. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16662 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 92%CPEs: 5EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338. Vulnerabilidad de utilización después del uso en Microsoft Internet Explorer de la versión 6 a la 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que provoca el acceso a un objeto eliminado. Aka "Internet Explorer Use After Free Vulnerability," vulnerabilidad distinta de CVE-2013-1303. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16515 • CWE-399: Resource Management Errors •