
CVSS: 6.1 • EPSS: 1% • CPEs: 16 • EXPL: 0

19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

19 Mar 2008 — WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 1% • CPEs: 16 • EXPL: 0

19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 1% • CPEs: 16 • EXPL: 0

19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 9% • CPEs: 16 • EXPL: 0

19 Mar 2008 — Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.5 • EPSS: 5% • CPEs: 6 • EXPL: 3

16 Jan 2008 — KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. • https://www.exploit-db.com/exploits/31021 • CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2007 — Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. • http://nils.toedtmann.net/pub/subjectAltName.txt

CVSS: 6.1 • EPSS: 1% • CPEs: 1 • EXPL: 0

15 Nov 2007 — Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 1% • CPEs: 26 • EXPL: 0

15 Nov 2007 — The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication

CVSS: 6.8 • EPSS: 9% • CPEs: 16 • EXPL: 0

27 Sep 2007 — Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation