Page 46 of 292 results (0.005 seconds)

CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 2

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. • https://www.exploit-db.com/exploits/20552 http://marc.info/?l=bugtraq&m=97958685100219&w=2 http://www.securityfocus.com/bid/2202 https://exchange.xforce.ibmcloud.com/vulnerabilities/5938 •

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0

A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. • http://www.osvdb.org/7817 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/6086 •

CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. • http://www.osvdb.org/7820 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/6085 •

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. • https://www.exploit-db.com/exploits/20459 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/5615 •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. • http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt http://www.securityfocus.com/bid/1793 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/5367 •