CVSS: 7.1 | EPSS: 2% | CPEs: 2 | EXPL: 0

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

• http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
• http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
• http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
• http://osvdb.org/38862
• http://support.apple.com/kb/HT1467
• http://www.securityfocus.com/archive/1/471452/100/0/threaded
• http://www.securityfocus.com/archive/1/471454/100/0/threaded
• http://www.securityfocus.com/bid/24484
• http://www.securitytracker.com/id?1018282
• htt

CVSS: 7.8 | EPSS: 2% | CPEs: 1 | EXPL: 2

corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.

• https://www.exploit-db.com/exploits/30193
• http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html
• http://osvdb.org/38869
• http://www.securityfocus.com/bid/24497

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

• http://osvdb.org/38863
• http://securityreason.com/securityalert/2810
• http://www.securityfocus.com/archive/1/471542/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34912
• CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/36605
• http://securitytracker.com/id?1018238
• http://www.securityfocus.com/archive/1/471255/100/0/threaded
• http://www.securityfocus.com/archive/1/471266/100/0/threaded
• http://www.securityfocus.com/bid/24457
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34847
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

• http://erratasec.blogspot.com/2007/06/niiiice.html
• http://osvdb.org/38543
• http://securitytracker.com/id?1018223
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34978