Lucene search
K

125 matches found

securityvulns
securityvulns
added 2003/09/11 12:0 a.m.35 views

MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method

BodyRefreshLoadsJPU:refresh is a new navigation method tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the patch for method caching attack. OS Ver: "Windows XP Cn ver"...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2003/09/04 12:0 a.m.39 views

Microsoft Internet Explorer showHelp crossite scripting

Subsequent calls to showHelp cause content to be displayed in the same security zone...

1.1AI score
Exploits0References3Affected Software1
NVD
NVD
added 2003/06/09 4:0 a.m.19 views

CVE-2003-0309

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause...

7.5CVSS7.5AI score0.4997EPSS
Exploits0References9
exploitpack
exploitpack
added 2003/06/07 12:0 a.m.14 views

Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy

Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execu...

7.3AI score
Exploits0
CVE
CVE
added 2003/05/17 4:0 a.m.64 views

CVE-2003-0309

The CVE covers Microsoft Internet Explorer 5.01, 5.5, and 6.0 where a crafted web document with a large number of duplicate file:// or other requests using FRAME/IFRAME can trigger multiple file download dialogs, ultimately allowing remote code execution. The issue is mitigated by Microsoft patch...

7.5CVSS8AI score0.4997EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2003/05/17 4:0 a.m.20 views

CVE-2003-0309

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause...

8AI score0.4997EPSS
Exploits0References9
securityvulns
securityvulns
added 2002/12/04 12:0 a.m.22 views

Poisonous Style for Dialog window turns the zone off.

Poisonous Style for Dialog window turns the zone off. "that's all" is the end of file if you are in a hurry tested MSIEv6CN version Patch: Q312461,Q328790MS02-066 IEXPLORE.EXE file version: 6.0.2600.0000 MSHTML.DLL file version: 6.00.2600.0000 demo at...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2002/10/03 12:0 a.m.51 views

Security Bulletin MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)

---------------------------------------------------------------------- Title: Unchecked Buffer in Windows Help Facility Could Enable Code Execution Q323255 Date: 02 October 2002 Software: Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Millennium Edition Microsoft...

1AI score
Exploits0
CVE
CVE
added 2002/06/25 4:0 a.m.80 views

CVE-2002-0057

The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...

5CVSS6.4AI score0.19175EPSS
Exploits0References6Affected Software3
exploitpack
exploitpack
added 2002/06/12 12:0 a.m.16 views

Microsoft SQL Server 2000 - SQLXML Script Injection

Microsoft SQL Server 2000 - SQLXML Script Injection source: https://www.securityfocus.com/bid/5005/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML Extensible Markup Language format. Such queries can be sent using various method...

0.3AI score
Exploits0
CERT
CERT
added 2002/05/30 12:0 a.m.21 views

Microsoft Internet Explorer may handle certain web pages in an incorrect, less restrictive security zone (MS02-023)

Overview Microsoft Internet Explorer IE may handle malformed Internet pages accessed through the NetBIOS protocol as if they belong to the IE's Intranet or Trusted Sites security zones, instead of the more restrictive Internet security zone. Description If a user views a page on the Internet that...

7.5CVSS7.5AI score0.24002EPSS
Exploits0References2
securityvulns
securityvulns
added 2002/05/21 12:0 a.m.52 views

Six new bugs in Internet Explorer

Crossite scripting, local files disclosure, security zone spoofing, etc...

0.5AI score
Exploits0References6Affected Software1
Exploit DB
Exploit DB
added 2002/04/15 12:0 a.m.26 views

Microsoft Internet Explorer 5.5/6.0 - History List Script Injection

source: https://www.securityfocus.com/bid/4505/info A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page context given appropriate user interaction. Internet Explorer stores...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/28 12:0 a.m.57 views

Executable launch via Windows Medial Player from Microsoft Outlook/Outlook express

Via Windows Media file wma it's possible to open HTML file in local security zone, from html it's open chm, from chm - executable...

2.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2002/03/08 5:0 a.m.23 views

CVE-2002-0057

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source...

5CVSS6.4AI score0.19175EPSS
Exploits0References6
Cvelist
Cvelist
added 2001/09/18 4:0 a.m.30 views

CVE-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests...

6.7AI score0.162EPSS
Exploits0References3
CVE
CVE
added 2001/09/18 4:0 a.m.66 views

CVE-2001-0238

The CVE-2001-0238 entry concerns Microsoft Data Access Component Internet Publishing Provider (ID 8.103.2519.0 and earlier). The available connected documents describe that remote attackers can bypass Security Zone restrictions through WebDAV requests. The root cause details are not explicitly st...

7.5CVSS7.1AI score0.162EPSS
Exploits0References3Affected Software6
EUVD
EUVD
added 2001/09/18 4:0 a.m.5 views

EUVD-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests...

7.5CVSS6.7AI score0.162EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/07/13 12:0 a.m.36 views

Vulnerability in IE/Outlook ActiveX control

-----BEGIN PGP SIGNED MESSAGE----- Microsoft alerted me to a new vulnerability discovered by Georgi Guninski and now posted publicly. The vulnerability involves an ActiveX control that is installed by a variety of software, including Office/Outlook XP. The control exposes a method which should no...

7.3AI score
Exploits0
NVD
NVD
added 2001/07/02 4:0 a.m.22 views

CVE-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests...

7.5CVSS6.7AI score0.162EPSS
Exploits0References3
Rows per page
Query Builder