Vulnerabilities > Yahoo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-28 | CVE-2010-4710 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. | 4.3 |
| 2010-11-07 | CVE-2010-4209 | Cross-Site Scripting vulnerability in Yahoo YUI 2.8.0/2.8.1 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | 4.3 |
| 2010-11-07 | CVE-2010-4208 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | 4.3 |
| 2010-11-07 | CVE-2010-4207 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | 4.3 |
| 2009-12-02 | CVE-2009-4171 | Buffer Errors vulnerability in Yahoo Messenger 9.0.0.2162 An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. | 4.3 |
| 2008-05-07 | CVE-2008-2111 | Resource Management Errors vulnerability in Yahoo Assistant The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. | 9.3 |
| 2008-02-06 | CVE-2008-0625 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. | 4.3 |
| 2008-02-06 | CVE-2008-0624 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. | 4.3 |
| 2008-02-06 | CVE-2008-0623 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.056 Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. | 4.3 |
| 2007-12-27 | CVE-2007-6535 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Toolbar Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | 6.8 |