National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:microsoft:internet_explorer:11:-
There are 728 matching records.
Displaying matches 721 through 728.
Vuln ID Summary CVSS Severity
CVE-2009-3737

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

Published: August 17, 2010; 04:00:02 PM -04:00
    V2: 9.3 HIGH
CVE-2009-0305

Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.

Published: February 10, 2009; 05:30:00 PM -05:00
    V2: 9.3 HIGH
CVE-2008-5917

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Published: January 20, 2009; 09:30:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-5912

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: January 20, 2009; 11:30:00 AM -05:00
    V2: 2.1 LOW
CVE-2008-4029

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."

Published: November 12, 2008; 06:30:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-4387

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

Published: November 10, 2008; 11:15:04 AM -05:00
    V2: 9.3 HIGH
CVE-2008-4326

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

Published: September 30, 2008; 12:13:50 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1873

Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.

Published: April 17, 2008; 03:05:00 PM -04:00
    V2: 4.3 MEDIUM