Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft web applications vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote malicious users to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated usi...
Microsoft Internet Explorer 7.0
1 EDB exploit
383
VMScore
CVE-2007-3033
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote malicious users to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and a...
Microsoft Windows Vista
505
VMScore
CVE-2000-0630
IIS 4.0 and 5.0 allows remote malicious users to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
1 EDB exploit
755
VMScore
CVE-2000-0457
ISM.DLL in IIS 4.0 and 5.0 allows remote malicious users to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR&...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
755
VMScore
CVE-2002-0189
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote malicious users to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
1 EDB exploit
765
VMScore
CVE-2005-0944
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote malicious users to execute arbitrary code via a crafted mdb file.
Microsoft Jet
3 EDB exploits
505
VMScore
CVE-2006-4446
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a lar...
Microsoft Ie 6.0
1 EDB exploit
780
VMScore
CVE-2006-5745
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote malicious users to execute arbitrary code via crafted arguments that lead to mem...
Microsoft Xml Core Services 4.0
4 EDB exploits
445
VMScore
CVE-2001-0004
IIS 5.0 and 4.0 allows remote malicious users to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via ....
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
435
VMScore
CVE-2007-3670
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote malicious users to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) F...
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7.0
Mozilla Firefox
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »