CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los atacantes remotos causar una denegación de servicio (finalización de aplicación) o ejecutar código arbitrario por medio de una URL diseñada que desencadena una corrupción de memoria en Safari. • http://docs.info.apple.com/article.html?artnum=307302 http://docs.info.apple.com/article.html?artnum=307430 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28497 http://secunia.com/advisories/28891 http://www.securityfocus.com/bid/27296 http://www.securitytracker.com/id?1019220 http://www.us-cert.gov/cas/techalerts/TA08-043B.html http://www.vupen.c • CWE-399: Resource Management Errors •
CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener información confidencial. • http://docs.info.apple.com/article.html?artnum=307178 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307302 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28497 http://securitytracker.com/id?1019108 http://www.securityfocus.com/bid/26911 http://www.us-cert.gov/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5450 – Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak'
https://notcve.org/view.php?id=CVE-2007-5450
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. Vulnerabilidad no especificada en Safari para el Apple iPod touch (también conocido como iTouch) y iPhone 1.1.1 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación), y habilitar la navegación del sistema de ficheros por parte del usuario local, mediante un determinado archivo TIFF. • https://www.exploit-db.com/exploits/4522 http://secunia.com/advisories/27213 http://www.toc2rta.com/?q=node/23 http://www.vupen.com/english/advisories/2007/3485 https://exchange.xforce.ibmcloud.com/vulnerabilities/37186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •