Page 10 of 67 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de Contacto en Yahoo! Messenger 8.1.0.209 y anteriores permite a atacantes remotos con la intervención del usuario inyectar secuencias de comandos web o HTML de su elección a través de un URI javascript: en el atributo SRC de un elemento IMG en los campos (1) Nombre (First Name), (2) Apellido (Last Name), y (3) Apodo (Nickname). • https://www.exploit-db.com/exploits/29531 http://osvdb.org/31674 http://secunia.com/advisories/23928 http://www.securityfocus.com/archive/1/458225/100/0/threaded http://www.securityfocus.com/archive/1/458305/100/0/threaded http://www.securityfocus.com/archive/1/458494/100/0/threaded http://www.securityfocus.com/bid/22269 •

CVSS: 9.3EPSS: 7%CPEs: 7EXPL: 0

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Desbordamiento de búfer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar código de su elección a través de un documento HTML manipulado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://messenger.yahoo.com/security_update.php?id=120806 http://secunia.com/advisories/23401 http://securitytracker.com/id?1017387 http://www.kb.cert.org/vuls/id/901852 http://www.securityfocus.com/bid/21607 http://www.vupen.com/english/advisories/2006/5016 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Vulnerabilidad no especificada en Yahoo! Messenger (Service 18) anterior a 8.1.0.195 permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de aplicación) mediante un nombre de sala manipulado en una Invitación de Conferencia. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0518.html http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0566.html http://secunia.com/advisories/22510 http://www.securityfocus.com/archive/1/449667/100/0/threaded http://www.securityfocus.com/bid/20625 http://www.vupen.com/english/advisories/2006/4193 •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1

Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. Yahoo! Messenger para WAP permite guardar mensajes que contienen JavaScript, lo cual permite a atacantes con la complicidad del usuario inyectar secuencias de comandos web o HTML de su elección a través de una URL en el servicio en linea. • http://advisories.echo.or.id/adv/adv47-theday-2006.txt http://securityreason.com/securityalert/1626 http://www.securityfocus.com/archive/1/446414/100/0/threaded •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 3

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. Yahoo! Messenger v7.5.0.814 y v7.0.438 permite a atacantes remotos provocar una denegación de servicio (caída) a través de mensajes que contiene caracteres non-ASCII, lo que provoca la caída en jscript.dll. • https://www.exploit-db.com/exploits/28099 http://secunia.com/advisories/20773 http://www.security.nnov.ru/Gnews281.html http://www.securityfocus.com/bid/18622 https://exchange.xforce.ibmcloud.com/vulnerabilities/27319 •