CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-4208
https://notcve.org/view.php?id=CVE-2010-4208
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.5.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con uploader/assets/uploader.swf • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://moodle.org/mod/forum/discuss.php?d=160910 http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4171 – Yahoo! Messenger 9.0.0.2162 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-4171
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. Un control ActiveX en YahooBridgeLib.dll para Yahoo! Messenger v9.0.0.2162, y posiblemente otras versiones 9.0, permite a atacantes remotos producir una denegación de servicio (desreferencia a un puntero NULL y caída de aplicación ) mediante una llamada al método RegisterMe con un argumento largo. • https://www.exploit-db.com/exploits/10092 https://www.exploit-db.com/exploits/33350 http://www.securityfocus.com/archive/1/507818/100/0/threaded http://www.securityfocus.com/bid/37007 https://exchange.xforce.ibmcloud.com/vulnerabilities/54263 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 1CVE-2008-2111 – Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption
https://notcve.org/view.php?id=CVE-2008-2111
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. El control ActiveX (yNotifier.dll) de Yahoo! Assistant versión 3.6 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de vectores no especificados en el objeto Ynoifier COM que provoca una corrupción de memoria. • https://www.exploit-db.com/exploits/31748 http://secunia.com/advisories/30115 http://secway.org/advisory/AD20080506EN.txt http://www.securityfocus.com/bid/29065 http://www.securitytracker.com/id?1020004 http://www.vupen.com/english/advisories/2008/1471/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42233 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 23%CPEs: 1EXPL: 5CVE-2008-0623 – Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0623
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. Desbordamiento de búfer basado en pila en el control YMP Datagrid ActiveX (datagrid.dll) de Yahoo! Music Jukebox 2.2.2.056. Permite a atacantes remotosd ejecutar código de su elección a través de argumentos largos al método AddImage method. • https://www.exploit-db.com/exploits/5043 https://www.exploit-db.com/exploits/5051 https://www.exploit-db.com/exploits/5046 https://www.exploit-db.com/exploits/5048 http://secunia.com/advisories/28757 http://www.kb.cert.org/vuls/id/101676 http://www.securityfocus.com/bid/27590 http://www.securitytracker.com/id?1019301 http://www.vupen.com/english/advisories/2008/0396/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 8%CPEs: 1EXPL: 4CVE-2008-0624 – Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0624
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. Un desbordamiento de búfer en el control ActiveX YMP Datagrid (datagrid.dll) en Yahoo! JukeBox versión 2.2.2.56, permite a los atacantes remotos ejecutar código arbitrario por medio de un argumento largo para el método AddButton, una vulnerabilidad diferente de CVE-2008-0623. • https://www.exploit-db.com/exploits/5043 https://www.exploit-db.com/exploits/5051 https://www.exploit-db.com/exploits/5046 https://www.exploit-db.com/exploits/5048 http://secunia.com/advisories/28757 http://www.kb.cert.org/vuls/id/101676 http://www.securityfocus.com/bid/27579 http://www.vupen.com/english/advisories/2008/0396/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •