
CVE-2006-1626 – Microsoft Internet Explorer 5 - Address Bar Spoofing
https://notcve.org/view.php?id=CVE-2006-1626
05 Apr 2006 — Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. • https://www.exploit-db.com/exploits/27577 • CWE-20: Improper Input Validation •

CVE-2006-1388 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1388
24 Mar 2006 — Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. • https://www.exploit-db.com/exploits/1838 •

CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
23 Mar 2006 — Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2006-1016 – Microsoft Internet Explorer - isComponentInstalled Overflow
https://notcve.org/view.php?id=CVE-2006-1016
07 Mar 2006 — Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. • https://www.exploit-db.com/exploits/16549 •

CVE-2006-0830
https://notcve.org/view.php?id=CVE-2006-0830
21 Feb 2006 — The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in JavaScript or VBScript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop. • http://www.securityfocus.com/archive/1/425283/100/0/threaded •

CVE-2006-0799
https://notcve.org/view.php?id=CVE-2006-0799
19 Feb 2006 — Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different. • http://www.osvdb.org/23609 •

CVE-2006-0585
https://notcve.org/view.php?id=CVE-2006-0585
08 Feb 2006 — jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the JavaScript document.write function, which triggers a null dereference. • http://securitytracker.com/id?1015559 •

CVE-2006-0057
https://notcve.org/view.php?id=CVE-2006-0057
27 Jan 2006 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. • http://www.kb.cert.org/vuls/id/998297 •

CVE-2005-4827
https://notcve.org/view.php?id=CVE-2005-4827
31 Dec 2005 — Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. • http://seclists.org/fulldisclosure/2007/Feb/0081.html •

CVE-2005-4810
https://notcve.org/view.php?id=CVE-2005-4810
31 Dec 2005 — Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). • http://archives.neohapsis.com/archives/bugtraq/2005-07/0434.html •