CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0768 – Yahoo! Messenger 8.0 - Notification Message HTML Injection
https://notcve.org/view.php?id=CVE-2007-0768
06 Feb 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de ... • https://www.exploit-db.com/exploits/29531 •
CVSS: 9.3EPSS: 6%CPEs: 7EXPL: 0CVE-2006-6603
https://notcve.org/view.php?id=CVE-2006-6603
15 Dec 2006 — Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Desbordamiento de búfer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar código de su elección a través de un documento HTML manipulado. • http://messenger.yahoo.com/security_update.php?id=120806 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2004-0043
https://notcve.org/view.php?id=CVE-2004-0043
14 Jan 2004 — Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. Desbordamiento de búfer en Yahoo Instant Messenger 5.6.0.1351 y anteriores permite que atacantes remotos provoquen una denegación de servicio (caída) y posiblemente ejecuten código arbitrario mediante un nombre de fichero largo en la opción de descarga. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015334.html •