CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4424
https://notcve.org/view.php?id=CVE-2007-4424
18 Aug 2007 — Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. Apple Safari... • http://securityreason.com/securityalert/3022 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-3742
https://notcve.org/view.php?id=CVE-2007-3742
03 Aug 2007 — WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International D... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-16: Configuration CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3743
https://notcve.org/view.php?id=CVE-2007-3743
03 Aug 2007 — Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title. Desbordamiento de búfer basado en pila en la gestión de marcadores de Apple Safari 3 Beta anterior a la actualización 3.0.3 en Windows permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída de la aplicación) o ejecu... • http://docs.info.apple.com/article.html?artnum=306174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 74%CPEs: 8EXPL: 1CVE-2007-3186 – Apple Safari 3 for Windows - Protocol Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3186
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari Beta versión 3.0.1 para Windows permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en un URI en el SRC de un IFRAME, como se muestra mediante un URI gopher. • https://www.exploit-db.com/exploits/30176 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2CVE-2007-2843 – Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure
https://notcve.org/view.php?id=CVE-2007-2843
24 May 2007 — Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Vulnerabilidad de dominios cruzados en el Apple Safari 2.0.4 permite a atacantes remotos el acceso a información restringida desde otros dominios mediante Javascript, como lo demostrado mediante la secuencia de comandos js que... • https://www.exploit-db.com/exploits/30078 •
CVSS: 7.1EPSS: 14%CPEs: 1EXPL: 1CVE-2007-0644 – Apple Mac OSX 10.4.x - Safari window.console.log Format String
https://notcve.org/view.php?id=CVE-2007-0644
01 Feb 2007 — Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. vulnerabilidad de cadena de formato en el Apple Safari 2.0.4 (419.3) permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) mediante los requisitos de la cadena de formato en los nombres de... • https://www.exploit-db.com/exploits/29555 •
CVSS: 7.5EPSS: 19%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
18 Jan 2007 — WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el ... • https://www.exploit-db.com/exploits/29461 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2006-6238
https://notcve.org/view.php?id=CVE-2006-6238
03 Dec 2006 — The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. La caraterística AutoFill de Apple Safari 2.0.4 no verifica de forma adecuada que todos los campos poblados del formulario sean visibles al usuario, lo cual permite a un atacante remoto obtener información sensible, co... • http://secunia.com/advisories/23066 •
CVSS: 8.8EPSS: 23%CPEs: 10EXPL: 3CVE-2006-3946
https://notcve.org/view.php?id=CVE-2006-3946
31 Jul 2006 — WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. WebCore en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.7 permite a atacantes remotos provocar una ... • http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 4CVE-2006-3372 – Apple Safari Web Browser 2.0.4 - DHTML SetAttributeNode() Null Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2006-3372
06 Jul 2006 — Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. Apple Safari 2.0.4/419.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante una llamada a la función DHTML setAttributeNode sin argumentos, que desemboca en una referencia nula. • https://www.exploit-db.com/exploits/28165 •