CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3759
https://notcve.org/view.php?id=CVE-2007-3759
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. Safari en Apple iPhone 1.1.1, cuando se solicita deshabilitar Javascript, no lo deshabilita hasta que Safari se reinicia, lo cual podría dejar a Safari abierto a ataques que el usuario no espere. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38532 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25853 https://exchange.xforce.ibmcloud.com/vulnerabilities/36858 • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3761
https://notcve.org/view.php?id=CVE-2007-3761
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Safari de Apple iPhone 1.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección provocando que eventos Javascript sean aplicados a un marco (frame) en otro dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38530 http://secunia.com/advisories/26983 http://www.securityfocus.com/bid/25851 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36860 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3757
https://notcve.org/view.php?id=CVE-2007-3757
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. Safari en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario engañar al usuario del iPhone para que haga llamadas a números de teléfono de su elección mediante un enlace "tel:" manipulado artesanalmente que provoca que el iPhone muestre un número diferente del que está siendo marcado. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38534 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25854 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36856 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3753
https://notcve.org/view.php?id=CVE-2007-3753
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. Apple iPhone 1.1.1, con Bluetooth habilitado, permite a atacantes físicamente próximos provocar una denegación de servicio (terminación de la aplicación) y ejecutar código de su elección mediante paquetes SDP (Service Discovery Protocol), relacionado con una validación insuficiente de la entrada. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38538 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25855 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36844 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3755
https://notcve.org/view.php?id=CVE-2007-3755
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. Mail en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario forzar al usuario del iPhone a hacer llamadas a números de teléfono de su elección mediante un enlace "tel:", lo cual no informa al usuario antes de marcar el número. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38536 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25862 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36853 • CWE-20: Improper Input Validation •