Total
1740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
| CVE-2002-2031 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. | |||||
| CVE-2003-0532 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. | |||||
| CVE-2001-0091 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 2.6 LOW | N/A |
| The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. | |||||
| CVE-2003-0701 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. | |||||
| CVE-2001-0643 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. | |||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
| CVE-2003-0814 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | |||||
| CVE-2000-0329 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2023-12-10 | 5.1 MEDIUM | N/A |
| A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. | |||||
| CVE-2003-1105 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 2.6 LOW | N/A |
| Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. | |||||
| CVE-2003-0344 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | |||||
| CVE-1999-1128 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user. | |||||
| CVE-2002-1444 | 2 Google, Microsoft | 2 Toolbar, Internet Explorer | 2023-12-10 | 2.6 LOW | N/A |
| The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. | |||||
| CVE-2002-0078 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | |||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | |||||
| CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | |||||
| CVE-2003-0113 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. | |||||
| CVE-2000-0400 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
| The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | |||||
| CVE-2003-1305 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page. | |||||
| CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | |||||