
CVSS: 4.3 • EPSS: 1% • CPEs: 6 • EXPL: 0

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

• http://docs.info.apple.com/article.html?artnum=306173
• http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
• http://osvdb.org/36452
• http://secunia.com/advisories/26287
• http://www.kb.cert.org/vuls/id/289988
• http://www.securityfocus.com/bid/24599
• http://www.securitytracker.com/id?1018282
• http://www.vupen.com/english/advisories/2007/2316
• http://www.vupen.com/english/advisories/2007/2731
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.1 • EPSS: 2% • CPEs: 2 • EXPL: 0

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

• http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
• http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
• http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
• http://osvdb.org/38862
• http://support.apple.com/kb/HT1467
• http://www.securityfocus.com/archive/1/471452/100/0/threaded
• http://www.securityfocus.com/archive/1/471454/100/0/threaded
• http://www.securityfocus.com/bid/24484
• http://www.securitytracker.com/id?1018282
• htt

CVSS: 7.8 • EPSS: 2% • CPEs: 1 • EXPL: 2

corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.

• https://www.exploit-db.com/exploits/30193
• http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html
• http://osvdb.org/38869
• http://www.securityfocus.com/bid/24497

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

• http://osvdb.org/38863
• http://securityreason.com/securityalert/2810
• http://www.securityfocus.com/archive/1/471542/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34912
• CWE-399: Resource Management Errors

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

• http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
• http://osvdb.org/36605
• http://securitytracker.com/id?1018238
• http://www.securityfocus.com/archive/1/471255/100/0/threaded
• http://www.securityfocus.com/archive/1/471266/100/0/threaded
• http://www.securityfocus.com/bid/24457
• http://www.vupen.com/english/advisories/2007/2192
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34847
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')