CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3718
https://notcve.org/view.php?id=CVE-2007-3718
12 Jul 2007 — Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. Múltiples vulnerabilidades no especificadas en el motor de análisis SVG de Apple Safari 3 Beta para Windows tienen vectores de ataque remotos e impacto no especificados. NOTA: esta notificación no contiene información concreta, pero ha sido divulgado por un invest... • http://osvdb.org/38858 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3514
https://notcve.org/view.php?id=CVE-2007-3514
03 Jul 2007 — Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Vulnerabilidad de dominio cruzado en Apple Safari para Windows 3.0.2 permite a atacantes remotos evitar la Política de Mismo Origen y acceder a información restringida de otros... • http://osvdb.org/38861 •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 1CVE-2007-3376
https://notcve.org/view.php?id=CVE-2007-3376
25 Jun 2007 — Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. Desbordamiento de búfer en Apple Safari 3.0.2 en Windows XP SP2 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un valor lar... • http://marc.info/?l=full-disclosure&m=118278848816602&w=2 •
CVSS: 4.7EPSS: 1%CPEs: 6EXPL: 0CVE-2007-2400
https://notcve.org/view.php?id=CVE-2007-2400
25 Jun 2007 — Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. Una condición de carrera en Apple Safari versiones 3 Beta anteriores a 3.0.2 en Mac OS X, Windows XP, Windows Vista, y iPhone versiones anteriores a 1.0.1, permite a atacantes remo... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0CVE-2007-2398
https://notcve.org/view.php?id=CVE-2007-2398
21 Jun 2007 — Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el título de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de s... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-3284 – Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3284
19 Jun 2007 — corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. corefoundation.dll en Apple Safari 3.0.1 (552.12.2) para Windows permite a atacantes remotos provocar una denegación de servicio (caída) mediante determinados formularios que disparan errores relacionados con el Historial, posiblemente involucrando múltiples campos del... • https://www.exploit-db.com/exploits/30193 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3274
https://notcve.org/view.php?id=CVE-2007-3274
19 Jun 2007 — Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. Apple Safari 2.0 y 2.0.1 para Windows XP SP2 permite a atacantes provocar una denegación de servicio (cierre de aplicación) mediante un código JavaScript que establece la variable document.location, como se ha demostrado con un valor vacío para document.location. • http://osvdb.org/38863 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2391
https://notcve.org/view.php?id=CVE-2007-2391
14 Jun 2007 — Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. Una vulnerabilidad de tipo Cross-site scripting (XSS) en Apple Safari Beta versión 3.0.1 para Windows permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una página web que incluye una función windows.setTimeout que s... • http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3187
https://notcve.org/view.php?id=CVE-2007-3187
12 Jun 2007 — Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en Apple Safari para Windows permite ... • http://erratasec.blogspot.com/2007/06/niiiice.html •
CVSS: 9.8EPSS: 72%CPEs: 8EXPL: 1CVE-2007-3186 – Apple Safari 3 for Windows - Protocol Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3186
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari Beta versión 3.0.1 para Windows permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en un URI en el SRC de un IFRAME, como se muestra mediante un URI gopher. • https://www.exploit-db.com/exploits/30176 • CWE-264: Permissions, Privileges, and Access Controls •