CVSS: 5.0EPSS: 7%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html http://www.securityfocus.com/bid/15268 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2005-2827 – Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)
https://notcve.org/view.php?id=CVE-2005-2827
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability." • https://www.exploit-db.com/exploits/1407 http://secunia.com/advisories/15821 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securityreason.com/securityalert/252 http://securitytracker.com/id?1015347 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.eeye.com/html/research/advisories/AD20051213.html http://www.osvdb.org/18823 http://www.securityfocus.com/archive/1/419377/100/0/threaded http://www.securityfocus.com/bid/15826 •
CVSS: 5.0EPSS: 58%CPEs: 2EXPL: 0CVE-2005-2150
https://notcve.org/view.php?id=CVE-2005-2150
Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. • http://marc.info/?l=bugtraq&m=112076409813099&w=2 http://secunia.com/advisories/14189 http://securitytracker.com/id?1014417 http://www.hsc.fr/ressources/presentations/null_sessions http://www.securityfocus.com/bid/14177 http://www.securityfocus.com/bid/14178 https://exchange.xforce.ibmcloud.com/vulnerabilities/21286 https://exchange.xforce.ibmcloud.com/vulnerabilities/21288 •
CVSS: 7.5EPSS: 83%CPEs: 12EXPL: 1CVE-2005-1935
https://notcve.org/view.php?id=CVE-2005-1935
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. • http://www.phreedom.org/solar/exploits/msasn1-bitstring https://exchange.xforce.ibmcloud.com/vulnerabilities/20870 •
CVSS: 5.0EPSS: 63%CPEs: 55EXPL: 1CVE-2005-1184 – Multiple Vendor - TCP Session Acknowledgement Number Denial of Service
https://notcve.org/view.php?id=CVE-2005-1184
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. • https://www.exploit-db.com/exploits/25439 http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html http://www.securityfocus.com/bid/13215 https://exchange.xforce.ibmcloud.com/vulnerabilities/40502 •