CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2012-5883
https://notcve.org/view.php?id=CVE-2012-5883
16 Nov 2012 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en ... • http://www.bugzilla.org/security/3.6.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2647
https://notcve.org/view.php?id=CVE-2012-2647
31 Jul 2012 — Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar v1.0.0.5 y anteriores para Chrome y Safari, permiten a usuarios remotos modificar la URL de búsqueda configurada e interceptar termindos de búsqueda a través de una página web modificada. • http://jvn.jp/en/jp/JVN51769987/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2645
https://notcve.org/view.php?id=CVE-2012-2645
16 Jul 2012 — The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. La aplicación Navegador Yahoo! Yahoo! • http://jvn.jp/en/jp/JVN46088915/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 83EXPL: 0CVE-2012-0268
https://notcve.org/view.php?id=CVE-2012-0268
19 Jan 2012 — Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. Un desbordamiento de entero en el método CYImage::LoadJPG en YImage.dll en Yahoo! Messenger antes de v11.5.0.155, cuando la compartición fotos está activada, podría permitir a atacantes remotos ejecutar código de su elección a través de una imagen JPG modif... • http://secunia.com/advisories/47041 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4710
https://notcve.org/view.php?id=CVE-2010-4710
28 Jan 2011 — Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el accesorio Menu en YUI anteriores a v2.9.0 permite a atacantes remotos inyectar ... • http://yuilibrary.com/forum/viewtopic.php?p=12923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 1%CPEs: 10EXPL: 0CVE-2010-4207
https://notcve.org/view.php?id=CVE-2010-4207
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.4.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyec... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 0CVE-2010-4208
https://notcve.org/view.php?id=CVE-2010-4208
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.5.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos i... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2010-4209
https://notcve.org/view.php?id=CVE-2010-4209
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.8.0 hasta v2.8.1, tal como se emplea en Bugzilla v3.7.1 hasta v3.7.3 y v4.1, permite a atacantes remotos inyecta... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 3CVE-2009-4171 – Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-4171
02 Dec 2009 — An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. Un control ActiveX en YahooBridgeLib.dll para Yahoo! Messenger v9.0.0.2162, y posiblemente otras versiones 9.0, permite a atacantes remotos producir una denegación de servicio (desreferencia a un puntero NULL y caída de aplicación ) mediante una ll... • https://www.exploit-db.com/exploits/10092 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 1CVE-2008-2111 – Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption
https://notcve.org/view.php?id=CVE-2008-2111
07 May 2008 — The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. El control ActiveX (yNotifier.dll) de Yahoo! Assistant versión 3.6 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de vectores no especificados en el objeto Ynoifier COM que provoca una corrupción de memoria. • https://www.exploit-db.com/exploits/31748 • CWE-399: Resource Management Errors •