CVSS: 7.5EPSS: 66%CPEs: 9EXPL: 2CVE-2003-0816 – Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
https://notcve.org/view.php?id=CVE-2003-0816
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a j... • https://www.exploit-db.com/exploits/23790 •
CVSS: 9.1EPSS: 22%CPEs: 9EXPL: 0CVE-2003-0823
https://notcve.org/view.php?id=CVE-2003-0823
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del ratón a otras ventenas, mediante llamada al método window.moveBy. También se la conoce como vulnerabilidad HijackClick • http://marc.info/?l=bugtraq&m=106322197932006&w=2 •
CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0CVE-2003-0814
https://notcve.org/view.php?id=CVE-2003-0814
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el ""href"" al Javascript malicioso y a continuación llamando al comando execCommand(""Re... • http://secunia.com/advisories/10192 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0815
https://notcve.org/view.php?id=CVE-2003-0815
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricci... • http://marc.info/?l=bugtraq&m=106321757619047&w=2 •
CVSS: 10.0EPSS: 25%CPEs: 10EXPL: 0CVE-2003-1027
https://notcve.org/view.php?id=CVE-2003-1027
08 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el ratón a otras ven... • http://marc.info/?l=bugtraq&m=106979479719446&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2003-1028
https://notcve.org/view.php?id=CVE-2003-1028
08 Jan 2004 — The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. La función de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de caché mediante una respuesta HTTP con un ContentType inválido y un fichero .html, lo que podría per... • http://marc.info/?l=bugtraq&m=106979428718705&w=2 •
CVSS: 9.3EPSS: 17%CPEs: 10EXPL: 1CVE-2003-1026 – Microsoft Internet Explorer - URL Injection in History List (MS04-004)
https://notcve.org/view.php?id=CVE-2003-1026
08 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es añadido al historial de p... • https://www.exploit-db.com/exploits/151 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 96%CPEs: 1EXPL: 4CVE-2003-1025 – Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation
https://notcve.org/view.php?id=CVE-2003-1025
06 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." Internet Explorer 6 y posiblemente otras versiones, permite a atacantes remotos suplantar el dominio de una URL mediante un carácter "%01" antes de un carácter "@" (arroba) en la porción usario@dominio de la URL... • https://www.exploit-db.com/exploits/23422 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1305
https://notcve.org/view.php?id=CVE-2003-1305
31 Dec 2003 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2003-1105
https://notcve.org/view.php?id=CVE-2003-1105
31 Dec 2003 — Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 •