
CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

References:
• http://osvdb.org/38863
• http://securityreason.com/securityalert/2810
• http://www.securityfocus.com/archive/1/471542/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34912

CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

References:
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/36605
• http://securitytracker.com/id?1018238
• http://www.securityfocus.com/archive/1/471255/100/0/threaded
• http://www.securityfocus.com/archive/1/471266/100/0/threaded
• http://www.securityfocus.com/bid/24457
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34847

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

References:
• http://erratasec.blogspot.com/2007/06/niiiice.html
• http://osvdb.org/38543
• http://securitytracker.com/id?1018223
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34978

CVSS: 7.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.

References:
• http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/38541
• http://www.securityfocus.com/bid/24433
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34846

CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 76% | CPEs: 8 | EXPL: 1

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

References:
• https://www.exploit-db.com/exploits/30176
• http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours
• http://larholm.com/2007/06/14/safari-301-released
• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html
• http://osvdb.org/38542
• http://www.securityfocus.com/archive/1/471176/100/0/threaded
• http://www.securityfocus.com/bid/24434
• http://www.securitytracker.com/id?1

CWE-264: Permissions, Privileges, and Access Controls