Page 99 of 715 results (0.007 seconds)

CVSS: 7.5EPSS: 96%CPEs: 11EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una página web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no están pensados para ser usados con con Internet Explorer, tcc una variante de la "Vulnerabilidad de Corrupción de Memoria por Instanciamiento de Objeto COM", una vulnerabilidad diferente de CVE-2005-2127. • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015348 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/21763 http://www.securityfocus.com/bid/15827 http://www.us-cert.gov/cas/techalerts/TA05-347A.html http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 •

CVSS: 5.0EPSS: 96%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015350 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/bid/15825 http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 https://docs.microsoft.com/en-us/security- •

CVSS: 5.1EPSS: 94%CPEs: 4EXPL: 0

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualización del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el botón "Ejecutar", tcc "Vulnerabilidad de Manipulación de Cuadro de Descarga de Fichero". • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://secunia.com/secunia_research/2005-21/advisory http://secunia.com/secunia_research/2005-7/advisory http://securityreason.com/securityalert/254 http://securitytracker.com/id?1015349 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/archive/1/419395/100/0/threaded http:&#x •

CVSS: 7.1EPSS: 94%CPEs: 3EXPL: 2

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." • http://secunia.com/advisories/17564 http://securitytracker.com/id?1016291 http://www.hacker.co.il/security/ie/css_import.html http://www.securityfocus.com/bid/15660 http://www.vupen.com/english/advisories/2005/2804 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 https://oval.cisecurity.org/repository/search/defin • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 62%CPEs: 1EXPL: 2

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. • http://marc.info/?l=bugtraq&m=113017003617987&w=2 http://securityreason.com/securityalert/18 http://www.computec.ch/download.php?view.683 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746 http://www.securiteam.com/windowsntfocus/6F00B00EBY.html •