CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2008-1025
https://notcve.org/view.php?id=CVE-2008-1025
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple WebKit, como el que se utiliza en Safari anterior a 3.1.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección mediante una URL manipulada con una coma en la sección del nombre de máquina (hostname). • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://secunia.com/advisories/29846 http://secunia.com/advisories/31074 http://support.apple.com/kb/HT1467 http://www.kb.cert.org/vuls/id/705529 http://www.securityfocus.com/bid/28814 http://www.securitytracker.com/id?1019869 http://www.vupen.com/english/advisories/2008/1250/references http://www.vupen.com/english/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 58%CPEs: 3EXPL: 0CVE-2007-3944
https://notcve.org/view.php?id=CVE-2007-3944
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. Múltiples desbordamientos de búfer en la región heap de la memoria en la biblioteca de Perl Compatible Regular Expressions (PCRE) en el motor de JavaScript en WebKit en Apple Safari versión 3 Beta anterior al Update 3.0.3 y iPhone versiones anteriores a 1.0.1, permiten a atacantes remotos ejecutar código arbitrario por medio de cierto expresiones regulares de JavaScript. NOTA: este problema se reportó originalmente solo para MobileSafari en el iPhone. • http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=306174 http://secunia.com/advisories/26287 http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin http://www.securityevaluators.com/iphone http://www.securityevaluators.com/iphone/exploitingiphone.pdf http://www.securityfocus.com/bid/25002 http://www.securitytracker.com/id?1018439 http://www.vupen.com/english/advisories/2007& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 34%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el atributo ROWSPAN, como se demostró con un caida de OmniWeb 5.5.3 sobre Mac OS X 10.4.8, una vulnerabilidad diferente que la CVE-2006-2019. • https://www.exploit-db.com/exploits/29461 http://security-protocols.com/sp-x41-advisory.php http://www.securityfocus.com/bid/22059 • CWE-399: Resource Management Errors •