CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

Safari in Apple iPhone 1.1.1, when requested to disable JavaScript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

References:
• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38532
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25853
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36858

CWE-16: Configuration

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing JavaScript events to be applied to a frame in another domain.

References:
• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38530
• http://secunia.com/advisories/26983
• http://www.securityfocus.com/bid/25851
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36860

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.

References:
• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38538
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25855
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36844

CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

References:
• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38537
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25856
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36845

CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 1% • CPEs: 3 • EXPL: 0

Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

References:
• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38536
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25862
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36853

CWE-20: Improper Input Validation