CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1006
https://notcve.org/view.php?id=CVE-2008-1006
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webcore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección empleando la función windows.open para cambiar el contexto de seguridad de una página web. • http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28332 http://www.securitytracker.com/id?1019653 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1002
https://notcve.org/view.php?id=CVE-2008-1002
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari antes de 3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un javascript: URL manipulado. • http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://www.kb.cert.org/vuls/id/766019 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28328 http://www.securitytracker.com/id?1019653 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 12%CPEs: 16EXPL: 0CVE-2008-1010
https://notcve.org/view.php?id=CVE-2008-1010
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. Desbordamiento de búfer en WebKit, usado en Apple Safari anterior a 3.1, permite a atacantes remotos ejecutar secuencias de comandos de su elección a través de expresiones regulares Javascript manipuladas. • http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://secunia.com/advisories/29924 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28338 http://www.securitytracker.com/id?1019654 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vulnerabilities&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 4%CPEs: 6EXPL: 3CVE-2008-0298 – Apple Safari 2.0.4 - KHTML WebKit Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0298
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. KHTML WebKit como el utilizado en Apple Safari 2.x permite a atacantes remotos provocar una denegación de servicio (caída del navegador) mediante una página web manipulada, posiblemente implicando un atributo STYLE en una elemento DIV. • https://www.exploit-db.com/exploits/31021 http://securityreason.com/securityalert/3549 http://www.s21sec.com/avisos/s21sec-039-en.txt http://www.securityfocus.com/archive/1/486202/100/0/threaded http://www.securityfocus.com/bid/27261 https://exchange.xforce.ibmcloud.com/vulnerabilities/39635 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6592
https://notcve.org/view.php?id=CVE-2007-6592
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Apple Safari 2, cuando un usuario acepta un certificado de servidor SSL basándose en el nombre de dominio CN del campo DN, considera el certificado como aceptado también para todos los nombres de dominios en los campos subjectAltName:dNSName, lo cual facilita a los atacantes remotos engañar al usuario para que acepte un certificado inválido para un sitio web falso. • http://nils.toedtmann.net/pub/subjectAltName.txt http://securityreason.com/securityalert/3498 http://www.securityfocus.com/archive/1/483929/100/100/threaded http://www.securityfocus.com/archive/1/483937/100/100/threaded •