Page 9 of 67 results (0.008 seconds)

CVSS: 9.3EPSS: 95%CPEs: 6EXPL: 5

CVE-2007-3147 – Yahoo! Messenger 8.1.0.249 - ActiveX Control Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-3147

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en el control Yahoo! • https://www.exploit-db.com/exploits/16519 https://www.exploit-db.com/exploits/4042 https://www.exploit-db.com/exploits/4053 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html http://messenger.yahoo.com/security_update.php?id=060707 http://research.eeye.com/html/advisories/published/AD20070608.html http://research.eeye.com/html/advisories/upcoming/20070605.html http://secunia.com/advisories/25547 http://securityreason.com/securityalert/2809 http://securitytracker. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 40%CPEs: 6EXPL: 5

CVE-2007-3148 – Yahoo! Messenger Webcam 8.1 - ActiveX Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-3148

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. El desbordamiento del búfer en el control ActiveX de Yahoo! Webcam Viewer en ywcvwr.dll versión 2.0.1.4 para Yahoo! • https://www.exploit-db.com/exploits/4043 https://www.exploit-db.com/exploits/4052 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html http://messenger.yahoo.com/security_update.php?id=060707 http://osvdb.org/37081 http://research.eeye.com/html/advisories/published/AD20070608.html http://research.eeye.com/html/advisories/upcoming/20070605.html http://secunia.com/advisories/25547 http://securitytracker.com/id?1018204 http://www.kb.cert.org/vuls/id/932217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

CVE-2007-2385

https://notcve.org/view.php?id=CVE-2007-2385

The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." El marco de desarrollo Yahoo! UI intercambia datos utilizando JavaScript Object Notation (JSON) sin un esquema de protección asociado, lo cual permite a atacantes remotos obtener los datos mediante una página web que recolecta los datos a través de una URL en el atributo SRC de un elemento SCRIPT y captura los datos utilizando otro código JavaScript, también conocido como "Secuestro JavaScript". • http://osvdb.org/43324 http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf •

CVSS: 9.3EPSS: 67%CPEs: 5EXPL: 0

CVE-2007-1680 – Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-1680

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. Desbordamiento de búfer en la función createAndJoinConference en el control ActiveX AudioConf (yacscom.dll) en Yahoo! Messenger anterior a 20070313 permite a atacantes remotos ejecutar código de su elección a través de las propiedades (1) socksHostname y (2) hostname. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. • http://messenger.yahoo.com/security_update.php?id=031207 http://osvdb.org/34319 http://secunia.com/advisories/24742 http://securityreason.com/securityalert/2523 http://www.kb.cert.org/vuls/id/388377 http://www.securityfocus.com/archive/1/464607/100/0/threaded http://www.securityfocus.com/bid/23291 http://www.securitytracker.com/id?1017867 http://www.vupen.com/english/advisories/2007/1219 http://www.zerodayinitiative.com/advisories/ZDI-07-012.html https://exchange.xforce. •

CVSS: 5.0EPSS: 4%CPEs: 24EXPL: 0

CVE-2007-0868

https://notcve.org/view.php?id=CVE-2007-0868

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad no especificada en la funcionalidad Chat Room en Yahoo! Messenger 8.1.0.239 y anteriores permite a atacantes remotos provocar denegación de servicio a través de vectores no especificado. • http://osvdb.org/34696 http://www.securityfocus.com/bid/22407 •