CVSS: 9.1EPSS: 8%CPEs: 29EXPL: 1CVE-2005-4827
https://notcve.org/view.php?id=CVE-2005-4827
31 Dec 2005 — Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. • http://seclists.org/fulldisclosure/2007/Feb/0081.html •
CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2005-3240
https://notcve.org/view.php?id=CVE-2005-3240
31 Dec 2005 — Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4679
https://notcve.org/view.php?id=CVE-2005-4679
31 Dec 2005 — Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. • http://secunia.com/advisories/17565 •
CVSS: 5.5EPSS: 6%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
31 Dec 2005 — Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-4269
https://notcve.org/view.php?id=CVE-2005-4269
15 Dec 2005 — mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in Info... • http://support.microsoft.com/kb/908233 •
CVSS: 8.8EPSS: 96%CPEs: 11EXPL: 0CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio... • http://secunia.com/advisories/15368 •
CVSS: 7.8EPSS: 94%CPEs: 4EXPL: 0CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
14 Dec 2005 — Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la interven... • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 •
CVSS: 5.9EPSS: 85%CPEs: 4EXPL: 0CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 •
CVSS: 7.5EPSS: 94%CPEs: 3EXPL: 2CVE-2005-4089
https://notcve.org/view.php?id=CVE-2005-4089
08 Dec 2005 — Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." • http://secunia.com/advisories/17564 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 6%CPEs: 4EXPL: 0CVE-2005-2126
https://notcve.org/view.php?id=CVE-2005-2126
21 Oct 2005 — The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. • http://secunia.com/advisories/17163 •