CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 4CVE-2002-2031 – Microsoft Internet Explorer 5 - JavaScript Local File Enumeration
https://notcve.org/view.php?id=CVE-2002-2031
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. • https://www.exploit-db.com/exploits/21198 https://www.exploit-db.com/exploits/21199 http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html http://www.iss.net/security_center/static/7784.php http://www.securityfocus.com/bid/3779 •
CVSS: 4.3EPSS: 94%CPEs: 4EXPL: 4CVE-2002-2062 – Microsoft Internet Explorer 5/6 - FTP Web View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2062
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. • https://www.exploit-db.com/exploits/21515 http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html http://www.iss.net/security_center/static/9290.php http://www.securityfocus.com/bid/4954 •
CVSS: 6.4EPSS: 55%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 33%CPEs: 7EXPL: 0CVE-2002-1188
https://notcve.org/view.php?id=CVE-2002-1188
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." • http://marc.info/?l=bugtraq&m=103184415307193&w=2 http://www.ciac.org/ciac/bulletins/n-018.shtml http://www.iss.net/security_center/static/10665.php http://www.securityfocus.com/bid/6217 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690 •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2002-1262
https://notcve.org/view.php?id=CVE-2002-1262
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files. Internet Explorer 5.5 y 6.0 no realizan comprobaciones de seguridad completas en caché externa, lo que permite a atacantes remotos leer ficheros arbitrarios • http://marc.info/?l=bugtraq&m=103825484331857&w=2 http://marc.info/?l=bugtraq&m=103910416824172&w=2 http://marc.info/?l=ntbugtraq&m=103824668621672&w=2 http://marc.info/?l=ntbugtraq&m=103909877717345&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-068 •