CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0CVE-2011-1587
https://notcve.org/view.php?id=CVE-2011-1587
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de v1.16.4, cuando se utiliza Internet Explorer v6 o versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un archivo cargado; accediendo con una extensión peligrosa como .html que se encuentra antes de un ? • http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html http://openwall.com/lists/oss-security/2011/04/18/5 http://www.debian.org/security/2011/dsa-2366 https://bugzilla.redhat.com/show_bug.cgi?id=696360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 58%CPEs: 22EXPL: 0CVE-2011-1245
https://notcve.org/view.php?id=CVE-2011-1245
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 no restringen adecuadamente el acceso al contenido desde (1) un dominio distinto o (2) zona diferente, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipulado. También conocida como "Javascript Information Disclosure Vulnerability." • http://www.securityfocus.com/bid/47192 http://www.securitytracker.com/id?1025327 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12385 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1244
https://notcve.org/view.php?id=CVE-2011-1244
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no realiza las restricciones de dominio pretendidas cuando se accede a los contenidos. Esto permite a atacantes remotos obtener información sensible o provocar ataques de clickjacking a través de un sitio web manipulado. También se cono como "Vulnerabilidad de Revelación de Información de Etiquetas de Marco" • http://osvdb.org/71777 http://www.securityfocus.com/bid/47191 http://www.securitytracker.com/id?1025327 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.3EPSS: 95%CPEs: 22EXPL: 0CVE-2011-0094
https://notcve.org/view.php?id=CVE-2011-0094
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." La vulnerabilidad de Uso de Memoria Previamente Liberada (Use-after-free) en Microsoft Internet Explorer versiones 6 y 7 permite a los atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "Layouts Handling Memory Corruption Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900 http://www.securitytracker.com/id?1025327 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elección accediendo al objeto que (1) no fue actualizado adecuadamente o (2) es borrado, permitiendo una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2010-2556 y CVE-2011-0036. • http://osvdb.org/70831 http://support.avaya.com/css/P8/documents/100127294 http://www.securityfocus.com/bid/46157 http://www.securitytracker.com/id?1025038 http://www.vupen.com/english/advisories/2011/0318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64911 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •