Vulnerabilities > Microsoft > Internet Explorer > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-05 | CVE-2013-6912 | Cross-Site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2013-07-25 | CVE-2013-3979 | Cross-Site Scripting vulnerability in IBM Star Command Center Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2013-01-22 | CVE-2012-6502 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | 2.6 |
| 2011-11-30 | CVE-2011-4345 | Cross-Site Scripting vulnerability in Namazu Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. | 2.6 |
| 2009-01-20 | CVE-2008-5912 | Information Disclosure vulnerability in Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. | 2.1 |
| 2008-05-12 | CVE-2008-2159 | Information Exposure vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information. | 2.1 |
| 2006-07-21 | CVE-2006-3729 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference. | 2.6 |
| 2006-06-26 | CVE-2006-3227 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. | 2.6 |
| 2006-06-02 | CVE-2006-2766 | Unspecified vulnerability in Microsoft IE and Internet Explorer Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. | 2.6 |
| 2006-04-25 | CVE-2006-1992 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900 mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. | 2.6 |