CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1527
https://notcve.org/view.php?id=CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. • http://marc.info/?l=bugtraq&m=110053968530613&w=2 http://secunia.com/advisories/13208 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html http://www.securityfocus.com/bid/11680 https://exchange.xforce.ibmcloud.com/vulnerabilities/18073 •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 3CVE-2004-2291 – Microsoft Internet Explorer - Remote Application.Shell
https://notcve.org/view.php?id=CVE-2004-2291
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 http://www.securityfocus.com/archive/1/348688 http://www.securityfocus.com/bid/9335 •
CVSS: 5.1EPSS: 81%CPEs: 5EXPL: 2CVE-2004-2383 – Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
https://notcve.org/view.php?id=CVE-2004-2383
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE. • https://www.exploit-db.com/exploits/23766 http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/9761 https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1198
https://notcve.org/view.php?id=CVE-2004-1198
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html http://www.securityfocus.com/archive/1/382257 http://www.securityfocus.com/bid/11751 https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 •
CVSS: 7.5EPSS: 96%CPEs: 3EXPL: 2CVE-2004-1166 – Microsoft Internet Explorer 5.0.1 - FTP URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1166
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24800 http://marc.info/?l=bugtraq&m=110253463305359&w=2 http://secunia.com/advisories/13404 http://secunia.com/advisories/29346 http://securitytracker.com/id?1012444 http://www.osvdb.org/12299 http://www.rapid7.com/advisories/R7-0032.jsp http://www.securityfocus.com/archive/1/489500/100/0/threaded http://www.securityfocus.com/bid/11826 http://www.securityfocus.com/bid/28208 http://www.vupen.com/english/advisories/2006/3212 ht • CWE-94: Improper Control of Generation of Code ('Code Injection') •