CVSS: 6.1EPSS: 7%CPEs: 12EXPL: 0CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
19 Dec 2007 — WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se p... • http://docs.info.apple.com/article.html?artnum=307178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 1CVE-2007-5450 – Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak'
https://notcve.org/view.php?id=CVE-2007-5450
14 Oct 2007 — Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. Vulnerabilidad no especificada en Safari para el Apple iPod touch (también conocido como iTouch) y iPhone 1.1.1 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación), y habilitar la navegación de... • https://www.exploit-db.com/exploits/4522 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 9%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
27 Sep 2007 — Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, pe... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 6%CPEs: 16EXPL: 0CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
27 Sep 2007 — Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript pa... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
27 Sep 2007 — Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario ... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3761
https://notcve.org/view.php?id=CVE-2007-3761
27 Sep 2007 — Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Safari de Apple iPhone 1.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección provocando que eventos Javascript sean aplicados a un marco (frame) en otro dominio. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3759
https://notcve.org/view.php?id=CVE-2007-3759
27 Sep 2007 — Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. Safari en Apple iPhone 1.1.1, cuando se solicita deshabilitar Javascript, no lo deshabilita hasta que Safari se reinicia, lo cual podría dejar a Safari abierto a ataques que el usuario no espere. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-16: Configuration •
CVSS: 4.3EPSS: 5%CPEs: 16EXPL: 0CVE-2007-3756
https://notcve.org/view.php?id=CVE-2007-3756
27 Sep 2007 — Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos obtener información confidencial por me... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3755
https://notcve.org/view.php?id=CVE-2007-3755
27 Sep 2007 — Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. Mail en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario forzar al usuario del iPhone a hacer llamadas a números de teléfono de su elección mediante un enlace "tel:", lo cual no informa al usuario antes de marcar el número. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3753
https://notcve.org/view.php?id=CVE-2007-3753
27 Sep 2007 — Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. Apple iPhone 1.1.1, con Bluetooth habilitado, permite a atacantes físicamente próximos provocar una denegación de servicio (terminación de la aplicación) y ejecutar código de su elección mediante paquetes SDP (Service Discovery Protocol), relacionado c... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation •