CVSS: 9.8EPSS: 12%CPEs: 6EXPL: 3CVE-2004-2291 – Microsoft Internet Explorer - Remote Application.Shell
https://notcve.org/view.php?id=CVE-2004-2291
31 Dec 2004 — Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2011
https://notcve.org/view.php?id=CVE-2004-2011
31 Dec 2004 — msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. • http://marc.info/?l=bugtraq&m=108422549617947&w=2 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1416
https://notcve.org/view.php?id=CVE-2004-1416
31 Dec 2004 — pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. • http://marc.info/?l=bugtraq&m=110374765215675&w=2 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 2CVE-2004-2307
https://notcve.org/view.php?id=CVE-2004-2307
31 Dec 2004 — Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. • http://www.securityfocus.com/archive/1/358043 •
CVSS: 4.3EPSS: 29%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
31 Dec 2004 — Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html •
CVSS: 7.5EPSS: 87%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
30 Dec 2004 — Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1198
https://notcve.org/view.php?id=CVE-2004-1198
15 Dec 2004 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1173
https://notcve.org/view.php?id=CVE-2004-1173
15 Dec 2004 — Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. • http://marc.info/?l=bugtraq&m=110271114525795&w=2 •
CVSS: 7.5EPSS: 33%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •
CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 2CVE-2004-1166 – Microsoft Internet Explorer 5.0.1 - FTP URI Arbitrary FTP Server Command Execution
https://notcve.org/view.php?id=CVE-2004-1166
10 Dec 2004 — CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24800 • CWE-94: Improper Control of Generation of Code ('Code Injection') •