CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0815
https://notcve.org/view.php?id=CVE-2002-0815
01 Aug 2002 — The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. • http://marc.info/?l=bugtraq&m=102796732924658&w=2 •
CVSS: 9.8EPSS: 90%CPEs: 12EXPL: 1CVE-2002-0371 – Microsoft Internet Explorer 5/6 / Microsoft ISA Server 2000 / Microsoft Proxy Server 2.0 Gopher Client - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0371
15 Jun 2002 — Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response. Desbordamiento de búfer en el cliente gopher de Microsoft Internet Explorer 5.1 a la 6.0, Proxy Server 2.0, o ISA Server 2000 permite a atacantes remotos la ejecución de código arbitrario mediante una URL gopher:// que redirige al usu... • https://www.exploit-db.com/exploits/21510 •
CVSS: 5.0EPSS: 95%CPEs: 8EXPL: 1CVE-2002-0500
https://notcve.org/view.php?id=CVE-2002-0500
11 Jun 2002 — Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 2CVE-2002-0461 – Microsoft Internet Explorer 5/6 / Mozilla 0.8/0.9.x / Opera 5/6 - JavaScript Interpreter Denial of Service
https://notcve.org/view.php?id=CVE-2002-0461
11 Jun 2002 — Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. • https://www.exploit-db.com/exploits/21346 •
CVSS: 8.8EPSS: 4%CPEs: 7EXPL: 0CVE-2002-0190
https://notcve.org/view.php?id=CVE-2002-0190
29 May 2002 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario con menos restricciones de seguridad mediante una página Web malformada que requiere conectividad NetBIOS. También conocida como "Vulnerabilidad de engaño de zo... • http://www.iss.net/security_center/static/9084.php •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 1CVE-2002-0191 – Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)
https://notcve.org/view.php?id=CVE-2002-0191
29 May 2002 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ver ficheros arbitrarios que contienen el carácter "{" (llave) mediante una secuencia de comandos que contenga la propiedad cssText del objeto hoja de estilos. También conocida... • https://www.exploit-db.com/exploits/21361 •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2002-0188
https://notcve.org/view.php?id=CVE-2002-0188
29 May 2002 — Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. Microsoft Internet Explorer 5.01 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante los campos de cabecera Content-Type y C... • http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html •
CVSS: 8.8EPSS: 6%CPEs: 4EXPL: 1CVE-2002-0193 – Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution
https://notcve.org/view.php?id=CVE-2002-0193
29 May 2002 — Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. (repetida de CAN-2002-0193) • https://www.exploit-db.com/exploits/21452 •
CVSS: 7.5EPSS: 15%CPEs: 5EXPL: 1CVE-2002-0189 – Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)
https://notcve.org/view.php?id=CVE-2002-0189
17 May 2002 — Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. Vulnerabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Explorer 6.0 permite a atacantes remotos ejecutar secuencias de comandos en la zona "Ordenador Local" con una URL que explota un recurso HTML local. También conocida ... • https://www.exploit-db.com/exploits/21750 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0242
https://notcve.org/view.php?id=CVE-2002-0242
03 May 2002 — Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. Vulnerabilidad de secuencias de comandos en sitios cruzados en Internet Explorer 6 y anteriores permite que atacante remotos ejecuten código arbitrario por medio de un formulario HTML extendido, cuya salida del servidor remoto no se ha aclarado adecuadamente. • http://marc.info/?l=bugtraq&m=101309907709138&w=2 •