CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3185
https://notcve.org/view.php?id=CVE-2007-3185
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. Apple Safari versión 3.0.1 Beta para Windows beta pública, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de manipulaciones DHTML no especificadas que desencadenan una corrupción de memoria, como es demostrado usando Hamachi. • http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html http://osvdb.org/38541 http://www.securityfocus.com/bid/24433 http://www.vupen.com/english/advisories/2007/2192 https://exchange.xforce.ibmcloud.com/vulnerabilities/34846 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 76%CPEs: 8EXPL: 1CVE-2007-3186 – Apple Safari 3 for Windows - Protocol Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3186
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari Beta versión 3.0.1 para Windows permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en un URI en el SRC de un IFRAME, como se muestra mediante un URI gopher. • https://www.exploit-db.com/exploits/30176 http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours http://larholm.com/2007/06/14/safari-301-released http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html http://osvdb.org/38542 http://www.securityfocus.com/archive/1/471176/100/0/threaded http://www.securityfocus.com/bid/24434 http://www.securitytracker.com/id?1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 2CVE-2007-2843 – Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure
https://notcve.org/view.php?id=CVE-2007-2843
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Vulnerabilidad de dominios cruzados en el Apple Safari 2.0.4 permite a atacantes remotos el acceso a información restringida desde otros dominios mediante Javascript, como lo demostrado mediante la secuencia de comandos js que accede a la localización de la información de las páginas web de los dominios cruzados, probablemente implicando a los eventos setTimeout y timed. • https://www.exploit-db.com/exploits/30078 http://osvdb.org/38859 http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html http://www.securityfocus.com/bid/24121 http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing •
CVSS: 7.1EPSS: 14%CPEs: 1EXPL: 1CVE-2007-0644 – Apple Mac OSX 10.4.x - Safari window.console.log Format String
https://notcve.org/view.php?id=CVE-2007-0644
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. vulnerabilidad de cadena de formato en el Apple Safari 2.0.4 (419.3) permite a atacantes con la intervención del usuario provocar una denegación de servicio (caída) mediante los requisitos de la cadena de formato en los nombres de fichero (filenames) que no son correctamente manejados que se llaman a las funciones (1) NSLog y (2) NSBeginAlertSheet Apple AppKit. • https://www.exploit-db.com/exploits/29555 http://www.digitalmunition.com/MOAB-30-01-2007.html http://www.osvdb.org/32710 http://www.securityfocus.com/bid/22326 •
CVSS: 4.3EPSS: 34%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el atributo ROWSPAN, como se demostró con un caida de OmniWeb 5.5.3 sobre Mac OS X 10.4.8, una vulnerabilidad diferente que la CVE-2006-2019. • https://www.exploit-db.com/exploits/29461 http://security-protocols.com/sp-x41-advisory.php http://www.securityfocus.com/bid/22059 • CWE-399: Resource Management Errors •