Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1376 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | |||||
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
| CVE-2004-1922 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. | |||||
| CVE-2004-2090 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | |||||
| CVE-2004-2219 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | |||||
| CVE-2004-2291 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. | |||||
| CVE-2004-2383 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE. | |||||
| CVE-2005-0053 | 1 Microsoft | 8 Ie, Internet Explorer, Windows 2000 and 5 more | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | |||||
| CVE-2005-0055 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | |||||
| CVE-2005-0500 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. | |||||
| CVE-2005-0553 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". | |||||
| CVE-2005-0554 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | |||||
| CVE-2005-0555 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability." | |||||
| CVE-2005-2274 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2005-2304 | 1 Microsoft | 2 Internet Explorer, Live Messenger | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. | |||||
| CVE-2005-2829 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." | |||||
| CVE-2005-2830 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." | |||||
| CVE-2005-2831 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. | |||||
| CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | |||||
| CVE-2005-3312 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
| The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. | |||||