VYPR

Webcore

by Apple Inc.

CVEs (6)

  • CVE-2008-1005Mar 19, 2008
    risk 0.00cvss epss 0.00

    WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

  • CVE-2007-4695Nov 15, 2007
    risk 0.00cvss epss 0.02

    Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

  • CVE-2007-4697Nov 15, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

  • CVE-2007-2409Aug 3, 2007
    risk 0.00cvss epss 0.01

    Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.

  • CVE-2007-2410Aug 3, 2007
    risk 0.00cvss epss 0.01

    WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

  • CVE-2007-0478Jan 25, 2007
    risk 0.00cvss epss 0.02

    WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an…