CVSS: 9.8EPSS: 10%CPEs: 9EXPL: 0CVE-2007-4041
https://notcve.org/view.php?id=CVE-2007-4041
27 Jul 2007 — Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. Múltiples vulnerabilidades de inyección de argumento en Mozilla Firefox 2.0.0.5 y 3.0alpha permite a atacantes remotos ejecutar comandos de su elección mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs... • http://www.kb.cert.org/vuls/id/783400 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 57%CPEs: 43EXPL: 11CVE-2007-1765 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-1765
30 Mar 2007 — Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad n... • https://www.exploit-db.com/exploits/3684 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 1CVE-2006-7029
https://notcve.org/view.php?id=CVE-2006-7029
23 Feb 2007 — Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. Microsoft Internet Explorer 6 SP2 y anteriores permite a atacantes remotos provocar denegación de servicio (caida) a través de un frameset con solamente un frame que llama a resizeTo con ciertos argumentos. NOTA: Este asunto podría estar relacionado con CVE-2006-3637. • http://www.securityfocus.com/archive/1/434742/30/4830/threaded •
CVSS: 6.5EPSS: 25%CPEs: 13EXPL: 1CVE-2006-7031 – Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service
https://notcve.org/view.php?id=CVE-2006-7031
23 Feb 2007 — Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. Microsoft Internet Explorer 6.0.2900 SP2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un elemento tabla con un atributo CSS que fija la posición, lo cual dispara una "excepción no manejada" en mshtml.dll. • https://www.exploit-db.com/exploits/1775 •
CVSS: 9.3EPSS: 55%CPEs: 2EXPL: 0CVE-2007-0099
https://notcve.org/view.php?id=CVE-2007-0099
08 Jan 2007 — Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerabi... • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 65%CPEs: 1EXPL: 0CVE-2006-5581 – Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-5581
12 Dec 2006 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección a través de determinadas funciones DHTML , como la "normalize", y "elementos creados incorrect... • http://secunia.com/advisories/23288 •
CVSS: 5.0EPSS: 14%CPEs: 2EXPL: 3CVE-2006-6310 – Microsoft Internet Explorer 6 - Frame Src Denial of Service
https://notcve.org/view.php?id=CVE-2006-6310
06 Dec 2006 — Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Internet Explorer 6.0 SP1 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) mediante un valor del atributo src inválido ("?")... • https://www.exploit-db.com/exploits/29229 •
CVSS: 4.3EPSS: 24%CPEs: 2EXPL: 0CVE-2006-2384
https://notcve.org/view.php?id=CVE-2006-2384
13 Jun 2006 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." • http://secunia.com/advisories/20595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 29%CPEs: 66EXPL: 2CVE-2006-0585
https://notcve.org/view.php?id=CVE-2006-0585
08 Feb 2006 — jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. • http://securitytracker.com/id?1015559 •
CVSS: 7.1EPSS: 12%CPEs: 1EXPL: 0CVE-2005-4844
https://notcve.org/view.php?id=CVE-2005-4844
31 Dec 2005 — The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •