CVSS: 4.3EPSS: 2%CPEs: 12EXPL: 0CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener información confidencial. • http://docs.info.apple.com/article.html?artnum=307178 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307302 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28497 http://securitytracker.com/id?1019108 http://www.securityfocus.com/bid/26911 http://www.us-cert.gov/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3759
https://notcve.org/view.php?id=CVE-2007-3759
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. Safari en Apple iPhone 1.1.1, cuando se solicita deshabilitar Javascript, no lo deshabilita hasta que Safari se reinicia, lo cual podría dejar a Safari abierto a ataques que el usuario no espere. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38532 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25853 https://exchange.xforce.ibmcloud.com/vulnerabilities/36858 • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3761
https://notcve.org/view.php?id=CVE-2007-3761
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Safari de Apple iPhone 1.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección provocando que eventos Javascript sean aplicados a un marco (frame) en otro dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38530 http://secunia.com/advisories/26983 http://www.securityfocus.com/bid/25851 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36860 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3757
https://notcve.org/view.php?id=CVE-2007-3757
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. Safari en Apple iPhone 1.1.1 permite a atacantes remotos con la complicidad del usuario engañar al usuario del iPhone para que haga llamadas a números de teléfono de su elección mediante un enlace "tel:" manipulado artesanalmente que provoca que el iPhone muestre un número diferente del que está siendo marcado. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38534 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25854 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36856 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3753
https://notcve.org/view.php?id=CVE-2007-3753
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. Apple iPhone 1.1.1, con Bluetooth habilitado, permite a atacantes físicamente próximos provocar una denegación de servicio (terminación de la aplicación) y ejecutar código de su elección mediante paquetes SDP (Service Discovery Protocol), relacionado con una validación insuficiente de la entrada. • http://docs.info.apple.com/article.html?artnum=306586 http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://osvdb.org/38538 http://secunia.com/advisories/26983 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25855 http://www.vupen.com/english/advisories/2007/3287 https://exchange.xforce.ibmcloud.com/vulnerabilities/36844 • CWE-20: Improper Input Validation •