CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2002-0269
https://notcve.org/view.php?id=CVE-2002-0269
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. uno dos tres • http://marc.info/?l=bugtraq&m=101363764421623&w=2 •
CVSS: 7.5EPSS: 74%CPEs: 6EXPL: 0CVE-2002-0078
https://notcve.org/view.php?id=CVE-2002-0078
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. La determinación de zona en Microsoft Internet Explorer 5.5 y 6.0 permite a atacantes remotos ejecutar scripts en la zona 'Ordenador Local' incrustando el script en una cookie. • http://marc.info/?l=bugtraq&m=101781180528301&w=2 http://www.iss.net/security_center/static/8701.php http://www.osvdb.org/3029 http://www.securityfocus.com/bid/4392 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html http://www.osvdb.org/3030 http://www.securityfocus.com/bid/3767 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/7758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 https:&#x •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •