Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Safari  >> 0.9  Security Vulnerabilities
CVE-2008-4216
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
CVSS Score
4.3
EPSS Score
0.006
Published
2008-11-17
CVE-2008-1025
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
CVSS Score
4.3
EPSS Score
0.011
Published
2008-04-17
CVE-2008-1002
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
CVSS Score
4.3
EPSS Score
0.019
Published
2008-03-19
CVE-2008-1003
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-03-19
CVE-2008-1004
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-03-19
CVE-2008-1005
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
CVSS Score
2.1
EPSS Score
0.001
Published
2008-03-19
CVE-2008-1006
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-03-19
CVE-2008-1007
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVSS Score
4.3
EPSS Score
0.009
Published
2008-03-19
CVE-2008-1008
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-03-19
CVE-2008-1009
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
CVSS Score
4.3
EPSS Score
0.01
Published
2008-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved