CVE-2007-3187
https://notcve.org/view.php?id=CVE-2007-3187
12 Jun 2007 — Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. • http://erratasec.blogspot.com/2007/06/niiiice.html
CVE-2007-3186 – Apple Safari 3 for Windows - Protocol Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3186
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. • https://www.exploit-db.com/exploits/30176 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-3185
https://notcve.org/view.php?id=CVE-2007-3185
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. • http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx • CWE-399: Resource Management Errors
CVE-2007-2843 – Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure
https://notcve.org/view.php?id=CVE-2007-2843
24 May 2007 — Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. • https://www.exploit-db.com/exploits/30078
CVE-2007-0644 – Apple Mac OSX 10.4.x - Safari window.console.log Format String
https://notcve.org/view.php?id=CVE-2007-0644
01 Feb 2007 — Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. • https://www.exploit-db.com/exploits/29555
CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
18 Jan 2007 — WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. • https://www.exploit-db.com/exploits/29461 • CWE-399: Resource Management Errors
CVE-2006-6238
https://notcve.org/view.php?id=CVE-2006-6238
03 Dec 2006 — The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. • http://secunia.com/advisories/23066
CVE-2006-3946
https://notcve.org/view.php?id=CVE-2006-3946
31 Jul 2006 — WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. • http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-3372 – Apple Safari Web Browser 2.0.4 - DHTML SetAttributeNode() Null Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2006-3372
06 Jul 2006 — Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. • https://www.exploit-db.com/exploits/28165
CVE-2006-3224
https://notcve.org/view.php?id=CVE-2006-3224
26 Jun 2006 — Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046150.html