
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/36605
• http://securitytracker.com/id?1018238
• http://www.securityfocus.com/archive/1/471255/100/0/threaded
• http://www.securityfocus.com/archive/1/471266/100/0/threaded
• http://www.securityfocus.com/bid/24457
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34847
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
• http://erratasec.blogspot.com/2007/06/niiiice.html
• http://osvdb.org/38543
• http://securitytracker.com/id?1018223
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34978

CVSS: 7.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
• http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/38541
• http://www.securityfocus.com/bid/24433
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34846
• CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 76% | CPEs: 8 | EXPL: 1

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
• https://www.exploit-db.com/exploits/30176
• http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours
• http://larholm.com/2007/06/14/safari-301-released
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html
• http://osvdb.org/38542
• http://www.securityfocus.com/archive/1/471176/100/0/threaded
• http://www.securityfocus.com/bid/24434
• http://www.securitytracker.com/id?1
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 2% | CPEs: 1 | EXPL: 2

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
• https://www.exploit-db.com/exploits/30078
• http://osvdb.org/38859
• http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html
• http://www.securityfocus.com/bid/24121
• http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing