CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-3284 – Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2007-3284
19 Jun 2007 — corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. corefoundation.dll en Apple Safari 3.0.1 (552.12.2) para Windows permite a atacantes remotos provocar una denegación de servicio (caída) mediante determinados formularios que disparan errores relacionados con el Historial, posiblemente involucrando múltiples campos del... • https://www.exploit-db.com/exploits/30193 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3274
https://notcve.org/view.php?id=CVE-2007-3274
19 Jun 2007 — Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. Apple Safari 2.0 y 2.0.1 para Windows XP SP2 permite a atacantes provocar una denegación de servicio (cierre de aplicación) mediante un código JavaScript que establece la variable document.location, como se ha demostrado con un valor vacío para document.location. • http://osvdb.org/38863 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2391
https://notcve.org/view.php?id=CVE-2007-2391
14 Jun 2007 — Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. Una vulnerabilidad de tipo Cross-site scripting (XSS) en Apple Safari Beta versión 3.0.1 para Windows permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una página web que incluye una función windows.setTimeout que s... • http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3185
https://notcve.org/view.php?id=CVE-2007-3185
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. Apple Safari versión 3.0.1 Beta para Windows beta pública, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de manipulaciones DHTML no especificadas que desencadenan una corrupción de memoria, como es demostrado usando Hamachi. • http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 72%CPEs: 8EXPL: 1CVE-2007-3186 – Apple Safari 3 for Windows - Protocol Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3186
12 Jun 2007 — Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari Beta versión 3.0.1 para Windows permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en un URI en el SRC de un IFRAME, como se muestra mediante un URI gopher. • https://www.exploit-db.com/exploits/30176 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3187
https://notcve.org/view.php?id=CVE-2007-3187
12 Jun 2007 — Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en Apple Safari para Windows permite ... • http://erratasec.blogspot.com/2007/06/niiiice.html •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2CVE-2007-2843 – Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure
https://notcve.org/view.php?id=CVE-2007-2843
24 May 2007 — Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Vulnerabilidad de dominios cruzados en el Apple Safari 2.0.4 permite a atacantes remotos el acceso a información restringida desde otros dominios mediante Javascript, como lo demostrado mediante la secuencia de comandos js que... • https://www.exploit-db.com/exploits/30078 •
CVSS: 7.1EPSS: 14%CPEs: 1EXPL: 1CVE-2007-0644 – Apple Mac OSX 10.4.x - Safari window.console.log Format String
https://notcve.org/view.php?id=CVE-2007-0644
01 Feb 2007 — Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. vulnerabilidad de cadena de formato en el Apple Safari 2.0.4 (419.3) permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) mediante los requisitos de la cadena de formato en los nombres de... • https://www.exploit-db.com/exploits/29555 •
CVSS: 7.5EPSS: 19%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
18 Jan 2007 — WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el ... • https://www.exploit-db.com/exploits/29461 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2006-6238
https://notcve.org/view.php?id=CVE-2006-6238
03 Dec 2006 — The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. La caraterística AutoFill de Apple Safari 2.0.4 no verifica de forma adecuada que todos los campos poblados del formulario sean visibles al usuario, lo cual permite a un atacante remoto obtener información sensible, co... • http://secunia.com/advisories/23066 •