CVSS: 5.0EPSS: 94%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 http://secunia.com/advisories/13704 http://www.7a69ezine.org/node/view/176 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1198
https://notcve.org/view.php?id=CVE-2004-1198
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html http://www.securityfocus.com/archive/1/382257 http://www.securityfocus.com/bid/11751 https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1173
https://notcve.org/view.php?id=CVE-2004-1173
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. • http://marc.info/?l=bugtraq&m=110271114525795&w=2 http://marc.info/?l=ntbugtraq&m=110271016129952&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18444 •
CVSS: 7.5EPSS: 96%CPEs: 3EXPL: 2CVE-2004-1166 – Microsoft Internet Explorer 5.0.1 - FTP URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1166
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24800 http://marc.info/?l=bugtraq&m=110253463305359&w=2 http://secunia.com/advisories/13404 http://secunia.com/advisories/29346 http://securitytracker.com/id?1012444 http://www.osvdb.org/12299 http://www.rapid7.com/advisories/R7-0032.jsp http://www.securityfocus.com/archive/1/489500/100/0/threaded http://www.securityfocus.com/bid/11826 http://www.securityfocus.com/bid/28208 http://www.vupen.com/english/advisories/2006/3212 ht • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •