Page 2 of 15 results (0.002 seconds)

CVSS: 9.3EPSS: 40%CPEs: 6EXPL: 5

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. El desbordamiento del búfer en el control ActiveX de Yahoo! Webcam Viewer en ywcvwr.dll versión 2.0.1.4 para Yahoo! • https://www.exploit-db.com/exploits/4043 https://www.exploit-db.com/exploits/4052 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html http://messenger.yahoo.com/security_update.php?id=060707 http://osvdb.org/37081 http://research.eeye.com/html/advisories/published/AD20070608.html http://research.eeye.com/html/advisories/upcoming/20070605.html http://secunia.com/advisories/25547 http://securitytracker.com/id?1018204 http://www.kb.cert.org/vuls/id/932217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 4%CPEs: 24EXPL: 0

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad no especificada en la funcionalidad Chat Room en Yahoo! Messenger 8.1.0.239 y anteriores permite a atacantes remotos provocar denegación de servicio a través de vectores no especificado. • http://osvdb.org/34696 http://www.securityfocus.com/bid/22407 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de Contacto en Yahoo! Messenger 8.1.0.209 y anteriores permite a atacantes remotos con la intervención del usuario inyectar secuencias de comandos web o HTML de su elección a través de un URI javascript: en el atributo SRC de un elemento IMG en los campos (1) Nombre (First Name), (2) Apellido (Last Name), y (3) Apodo (Nickname). • https://www.exploit-db.com/exploits/29531 http://osvdb.org/31674 http://secunia.com/advisories/23928 http://www.securityfocus.com/archive/1/458225/100/0/threaded http://www.securityfocus.com/archive/1/458305/100/0/threaded http://www.securityfocus.com/archive/1/458494/100/0/threaded http://www.securityfocus.com/bid/22269 •

CVSS: 9.3EPSS: 7%CPEs: 7EXPL: 0

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Desbordamiento de búfer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar código de su elección a través de un documento HTML manipulado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://messenger.yahoo.com/security_update.php?id=120806 http://secunia.com/advisories/23401 http://securitytracker.com/id?1017387 http://www.kb.cert.org/vuls/id/901852 http://www.securityfocus.com/bid/21607 http://www.vupen.com/english/advisories/2006/5016 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. • http://marc.info/?l=bugtraq&m=111643475210982&w=2 •