CVSS: 7.5EPSS: 86%CPEs: 1EXPL: 0CVE-2001-0339
https://notcve.org/view.php?id=CVE-2001-0339
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.osvdb.org/5694 http://www.securityfocus.com/bid/2737 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096 •
CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0338
https://notcve.org/view.php?id=CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.securityfocus.com/bid/2735 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6555 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0246
https://notcve.org/view.php?id=CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •
CVSS: 5.0EPSS: 9%CPEs: 1EXPL: 2CVE-2001-0149 – Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure
https://notcve.org/view.php?id=CVE-2001-0149
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. • https://www.exploit-db.com/exploits/20243 http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html http://marc.info/?l=ntbugtraq&m=96999020527583&w=2 http://www.securityfocus.com/bid/1718 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/5293 •
CVSS: 5.1EPSS: 82%CPEs: 1EXPL: 1CVE-2001-0150 – Microsoft Internet Explorer 5.0.1/5.5/6.0 - Telnet Client File Overwrite
https://notcve.org/view.php?id=CVE-2001-0150
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. • https://www.exploit-db.com/exploits/20680 http://www.osvdb.org/7816 http://www.securityfocus.com/bid/2463 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/6230 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •