Page 40 of 219 results (0.005 seconds)

CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. Microsoft Internet Explorer 5.01 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante los campos de cabecera Content-Type y Content-Disposition malformados; lo que hace que la aplicación que debería manejar el fichero falso lo devuelva al sistema operativo en vez levantar un mensaje de error. Tambíen conocida como segunda variante de la vulnerabilidad de "Disposición de contenidos". • http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html http://www.iss.net/security_center/static/9086.php http://www.lac.co.jp/security/english/snsadv_e/48_e.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 •

CVSS: 7.5EPSS: 15%CPEs: 5EXPL: 1

Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. Vulnerabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Explorer 6.0 permite a atacantes remotos ejecutar secuencias de comandos en la zona "Ordenador Local" con una URL que explota un recurso HTML local. También conocida como "Vulnerabilidad de secuencias de comandos en sitios cruzados en recurso HTML Local". • https://www.exploit-db.com/exploits/21750 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. Vulnerabilidad de secuencias de comandos en sitios cruzados en Internet Explorer 6 y anteriores permite que atacante remotos ejecuten código arbitrario por medio de un formulario HTML extendido, cuya salida del servidor remoto no se ha aclarado adecuadamente. • http://marc.info/?l=bugtraq&m=101309907709138&w=2 •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. uno dos tres • http://marc.info/?l=bugtraq&m=101363764421623&w=2 •

CVSS: 7.5EPSS: 74%CPEs: 6EXPL: 0

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. La determinación de zona en Microsoft Internet Explorer 5.5 y 6.0 permite a atacantes remotos ejecutar scripts en la zona 'Ordenador Local' incrustando el script en una cookie. • http://marc.info/?l=bugtraq&m=101781180528301&w=2 http://www.iss.net/security_center/static/8701.php http://www.osvdb.org/3029 http://www.securityfocus.com/bid/4392 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96 •