CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2001-0089 – Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload
https://notcve.org/view.php?id=CVE-2001-0089
16 Feb 2001 — Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. • https://www.exploit-db.com/exploits/20459 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2001-0091
https://notcve.org/view.php?id=CVE-2001-0091
16 Feb 2001 — The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. • http://www.osvdb.org/7820 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0090
https://notcve.org/view.php?id=CVE-2001-0090
16 Feb 2001 — The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. • http://www.securityfocus.com/bid/2046 •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2001-0092
https://notcve.org/view.php?id=CVE-2001-0092
16 Feb 2001 — A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. • http://www.osvdb.org/7817 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2000-0982
https://notcve.org/view.php?id=CVE-2000-0982
19 Dec 2000 — Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. • http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2000-0767
https://notcve.org/view.php?id=CVE-2000-0767
13 Oct 2000 — The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. • http://www.securityfocus.com/bid/1564 •
CVSS: 2.6EPSS: 30%CPEs: 9EXPL: 0CVE-2000-0768
https://notcve.org/view.php?id=CVE-2000-0768
13 Oct 2000 — A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. • http://www.securityfocus.com/bid/1564 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2000-0662
https://notcve.org/view.php?id=CVE-2000-0662
14 Jul 2000 — Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). • http://www.securityfocus.com/bid/1474 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0596
https://notcve.org/view.php?id=CVE-2000-0596
27 Jun 2000 — Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. • http://www.cert.org/advisories/CA-2000-16.html •
CVSS: 2.6EPSS: 30%CPEs: 4EXPL: 0CVE-2000-0503
https://notcve.org/view.php?id=CVE-2000-0503
06 Jun 2000 — The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. • http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html •