Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:safari:3.0.0b
There are 1,132 matching records.
Displaying matches 1,121 through 1,132.
Vuln ID Summary CVSS Severity
CVE-2007-3742

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3743

Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3482

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.

Published: June 28, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-3186

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

Published: June 12, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

Published: May 09, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2007-2175

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

Published: April 24, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2007-2163

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

Published: April 22, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0646

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

Published: January 31, 2007; 7:28:00 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-0478

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

Published: January 24, 2007; 7:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

Published: August 19, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

Published: August 19, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2005-2522

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

Published: August 19, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM