Page 2 of 12 results (0.009 seconds)

CVSS: 9.3EPSS: 40%CPEs: 6EXPL: 5

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. El desbordamiento del búfer en el control ActiveX de Yahoo! Webcam Viewer en ywcvwr.dll versión 2.0.1.4 para Yahoo! • https://www.exploit-db.com/exploits/4043 https://www.exploit-db.com/exploits/4052 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html http://messenger.yahoo.com/security_update.php?id=060707 http://osvdb.org/37081 http://research.eeye.com/html/advisories/published/AD20070608.html http://research.eeye.com/html/advisories/upcoming/20070605.html http://secunia.com/advisories/25547 http://securitytracker.com/id?1018204 http://www.kb.cert.org/vuls/id/932217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 4%CPEs: 24EXPL: 0

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad no especificada en la funcionalidad Chat Room en Yahoo! Messenger 8.1.0.239 y anteriores permite a atacantes remotos provocar denegación de servicio a través de vectores no especificado. • http://osvdb.org/34696 http://www.securityfocus.com/bid/22407 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de Contacto en Yahoo! Messenger 8.1.0.209 y anteriores permite a atacantes remotos con la intervención del usuario inyectar secuencias de comandos web o HTML de su elección a través de un URI javascript: en el atributo SRC de un elemento IMG en los campos (1) Nombre (First Name), (2) Apellido (Last Name), y (3) Apodo (Nickname). • https://www.exploit-db.com/exploits/29531 http://osvdb.org/31674 http://secunia.com/advisories/23928 http://www.securityfocus.com/archive/1/458225/100/0/threaded http://www.securityfocus.com/archive/1/458305/100/0/threaded http://www.securityfocus.com/archive/1/458494/100/0/threaded http://www.securityfocus.com/bid/22269 •

CVSS: 9.3EPSS: 7%CPEs: 7EXPL: 0

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Desbordamiento de búfer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar código de su elección a través de un documento HTML manipulado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://messenger.yahoo.com/security_update.php?id=120806 http://secunia.com/advisories/23401 http://securitytracker.com/id?1017387 http://www.kb.cert.org/vuls/id/901852 http://www.securityfocus.com/bid/21607 http://www.vupen.com/english/advisories/2006/5016 •

CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 2

Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. • https://www.exploit-db.com/exploits/25196 http://seclists.org/lists/fulldisclosure/2005/Mar/0284.html http://www.securityfocus.com/bid/12750 •