CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2647
https://notcve.org/view.php?id=CVE-2012-2647
31 Jul 2012 — Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar v1.0.0.5 y anteriores para Chrome y Safari, permiten a usuarios remotos modificar la URL de búsqueda configurada e interceptar termindos de búsqueda a través de una página web modificada. • http://jvn.jp/en/jp/JVN51769987/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2007-6536
https://notcve.org/view.php?id=CVE-2007-6536
27 Dec 2007 — The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. El diálogo Instalador de Botón Personalizad... • http://aviv.raffon.net/2007/12/18/GoogleToolbarDialogSpoofingVulnerability.aspx • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 4CVE-2004-2475 – Google Toolbar 1.1.x - About.HTML HTML Injection
https://notcve.org/view.php?id=CVE-2004-2475
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. • https://www.exploit-db.com/exploits/24607 •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 2CVE-2002-1443
https://notcve.org/view.php?id=CVE-2002-1443
11 Apr 2003 — The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. La barra de herramientas de Google 1.1.58 y versiones anteriores, permite a sitios web remotos supervisar la entrada de un usuario en la barra de herramientas mediante un manejador de eventos 'onkeydown'. • http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 2CVE-2002-1442
https://notcve.org/view.php?id=CVE-2002-1442
18 Mar 2003 — The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. La barra de herramientas de Google 1.1.58 y versiones anteriores, permite a sitios web remotos realizar operaciones no autorizadas d... • http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html •
CVSS: 6.5EPSS: 15%CPEs: 3EXPL: 4CVE-2002-1444 – Google Toolbar 1.1.60 - Search Function Denial of Service
https://notcve.org/view.php?id=CVE-2002-1444
15 Aug 2002 — The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. • https://www.exploit-db.com/exploits/21712 •