Page 2 of 10 results (0.009 seconds)

CVSS: 9.3EPSS: 40%CPEs: 6EXPL: 5

CVE-2007-3148 – Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-3148

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. El desbordamiento del búfer en el control ActiveX de Yahoo! Webcam Viewer en ywcvwr.dll versión 2.0.1.4 para Yahoo! • https://www.exploit-db.com/exploits/4043 https://www.exploit-db.com/exploits/4052 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html http://messenger.yahoo.com/security_update.php?id=060707 http://osvdb.org/37081 http://research.eeye.com/html/advisories/published/AD20070608.html http://research.eeye.com/html/advisories/upcoming/20070605.html http://secunia.com/advisories/25547 http://securitytracker.com/id?1018204 http://www.kb.cert.org/vuls/id/932217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 4%CPEs: 24EXPL: 0

CVE-2007-0868

https://notcve.org/view.php?id=CVE-2007-0868

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad no especificada en la funcionalidad Chat Room en Yahoo! Messenger 8.1.0.239 y anteriores permite a atacantes remotos provocar denegación de servicio a través de vectores no especificado. • http://osvdb.org/34696 http://www.securityfocus.com/bid/22407 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-0768 – Yahoo! Messenger 8.0 - Notification Message HTML Injection

https://notcve.org/view.php?id=CVE-2007-0768

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Detalles de Contacto en Yahoo! Messenger 8.1.0.209 y anteriores permite a atacantes remotos con la intervención del usuario inyectar secuencias de comandos web o HTML de su elección a través de un URI javascript: en el atributo SRC de un elemento IMG en los campos (1) Nombre (First Name), (2) Apellido (Last Name), y (3) Apodo (Nickname). • https://www.exploit-db.com/exploits/29531 http://osvdb.org/31674 http://secunia.com/advisories/23928 http://www.securityfocus.com/archive/1/458225/100/0/threaded http://www.securityfocus.com/archive/1/458305/100/0/threaded http://www.securityfocus.com/archive/1/458494/100/0/threaded http://www.securityfocus.com/bid/22269 •

CVSS: 9.3EPSS: 7%CPEs: 7EXPL: 0

CVE-2006-6603

https://notcve.org/view.php?id=CVE-2006-6603

Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. Desbordamiento de búfer en el controlador YMMAPI.YMailAttach ActiveX (ymmapi.dll) anterior a 2005.1.1.4 en Yahoo! Messenger permote a un atacante remoto ejecutar código de su elección a través de un documento HTML manipulado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://messenger.yahoo.com/security_update.php?id=120806 http://secunia.com/advisories/23401 http://securitytracker.com/id?1017387 http://www.kb.cert.org/vuls/id/901852 http://www.securityfocus.com/bid/21607 http://www.vupen.com/english/advisories/2006/5016 •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 3

CVE-2006-3298 – Yahoo! Messenger 7.0/7.5 - 'jscript.dll' Non-ASCII Character Denial of Service

https://notcve.org/view.php?id=CVE-2006-3298

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. Yahoo! Messenger v7.5.0.814 y v7.0.438 permite a atacantes remotos provocar una denegación de servicio (caída) a través de mensajes que contiene caracteres non-ASCII, lo que provoca la caída en jscript.dll. • https://www.exploit-db.com/exploits/28099 http://secunia.com/advisories/20773 http://www.security.nnov.ru/Gnews281.html http://www.securityfocus.com/bid/18622 https://exchange.xforce.ibmcloud.com/vulnerabilities/27319 •