CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de etiquetas de trama. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25850 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos "alter or access" al contenido HTTPS por medio de una sesión HTTP con una página web diseñada que causa que Javascript sea aplicado a páginas HTTPS del mismo dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25852 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 16EXPL: 0CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript para las páginas web que están en un dominio diferente, el cual puede ser aprovechado para conducir ataques de tipo cross-site scripting (XSS). • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25857 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 0CVE-2007-3756
https://notcve.org/view.php?id=CVE-2007-3756
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos obtener información confidencial por medio de una página web diseñada que identifica la URL de la ventana principal, incluso cuando la ventana principal está en un dominio diferente. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25859 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 1CVE-2007-4812 – Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4812
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. Un desbordamiento de búfer en Apple Safari versión 3.0.3 522.15.5, y otras versiones anteriores a Beta Update 3.0.4, permite a atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente tener otro impacto no especificado al establecer document.location.hash en una cadena larga. NOTA: el bloqueo puede realmente ocurrir en el método alert. • https://www.exploit-db.com/exploits/30767 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://osvdb.org/43971 http://securityreason.com/securityalert/3111 http://www.securityfocus.com/archive/1/478802/100/0/threaded http://www.securityfocus.com/bid/26448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •