CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una página web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no están pensados para ser usados con con Internet Explorer, tcc una variante de la "Vulnerabilidad de Corrupción de Memoria por Instanciamiento de Objeto COM", una vulnerabilidad diferente de CVE-2005-2127. • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015348 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/21763 http://www.securityfocus.com/bid/15827 http://www.us-cert.gov/cas/techalerts/TA05-347A.html http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 •
CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015350 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/bid/15825 http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 https://docs.microsoft.com/en-us/security- •
CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualización del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el botón "Ejecutar", tcc "Vulnerabilidad de Manipulación de Cuadro de Descarga de Fichero". • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://secunia.com/secunia_research/2005-21/advisory http://secunia.com/secunia_research/2005-7/advisory http://securityreason.com/securityalert/254 http://securitytracker.com/id?1015349 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/archive/1/419395/100/0/threaded http: •
CVE-2005-4089
https://notcve.org/view.php?id=CVE-2005-4089
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." • http://secunia.com/advisories/17564 http://securitytracker.com/id?1016291 http://www.hacker.co.il/security/ie/css_import.html http://www.securityfocus.com/bid/15660 http://www.vupen.com/english/advisories/2005/2804 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 https://oval.cisecurity.org/repository/search/defin • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-2126
https://notcve.org/view.php?id=CVE-2005-2126
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. • http://secunia.com/advisories/17163 http://secunia.com/advisories/17172 http://secunia.com/advisories/17223 http://securitytracker.com/id?1015036 http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf http://www.kb.cert.org/vuls/id/415828 http://www.securiteam.com/windowsntfocus/6M00I0KEAU.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1146 https://oval. •