CVE-2013-2307
https://notcve.org/view.php?id=CVE-2013-2307
The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. La aplicación Yahoo! Browser anteriore a v1.4.3 para Android permite a atacantes remotos espíar la barra de dirección a través de un sitio web manipulado. • http://jvn.jp/en/jp/JVN55074201/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000037 https://play.google.com/store/apps/details?id=jp.co.yahoo.android.ybrowser •
CVE-2012-5883
https://notcve.org/view.php?id=CVE-2012-5883
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en Bugzilla v3.7.x y v4.0.x antes de v4.0.9, v4.1.x y v4.2.x antes de v4.2.4 y v4.3.x y v4.4.x antes de v4.4rc1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con swfstore.swf. Se trata de un problema similar a CVE-2010-4209. • http://www.bugzilla.org/security/3.6.11 http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://bugzilla.mozilla.org/show_bug.cgi?id=808845 https://exchange.xforce.ibmcloud.com/vulnerabilities/80116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5881
https://notcve.org/view.php?id=CVE-2012-5881
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con charts.swf. Se trata de un problema similar con CVE-2010-4207. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/80118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5882
https://notcve.org/view.php?id=CVE-2012-5882
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.5.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con uploader.swf. Se trata de un problema similar a CVE-2010-4208. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2647
https://notcve.org/view.php?id=CVE-2012-2647
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar v1.0.0.5 y anteriores para Chrome y Safari, permiten a usuarios remotos modificar la URL de búsqueda configurada e interceptar termindos de búsqueda a través de una página web modificada. • http://jvn.jp/en/jp/JVN51769987/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •