Security Vulnerabilities, CVEs, Published In June 2006 (Information Leak)
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
Max CVSS
7.5
EPSS Score
95.23%
Published
2006-06-28
Updated
2021-07-23
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message.
Max CVSS
5.0
EPSS Score
1.06%
Published
2006-06-12
Updated
2018-10-18
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Max CVSS
4.0
EPSS Score
95.04%
Published
2006-06-07
Updated
2011-10-11
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
Max CVSS
4.3
EPSS Score
13.35%
Published
2006-06-13
Updated
2021-07-23
4 vulnerabilities found