Vulnerabilities > Yahoo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-06 | CVE-2007-1680 | Remote Buffer Overflow vulnerability in Yahoo! Messenger Audio Conferencing ActiveX Control Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | 9.3 |
2007-02-09 | CVE-2007-0868 | Denial of Service vulnerability in Yahoo! Messenger Chat Room Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2007-02-06 | CVE-2007-0768 | HTML Injection vulnerability in Yahoo! Messenger Notification Message Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. network yahoo | 4.3 |
2006-12-15 | CVE-2006-6603 | Remote Buffer Overflow vulnerability in Yahoo! Messenger YMailAttach ActiveX Control Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
2006-10-27 | CVE-2006-5563 | Remote Buffer Overflow vulnerability in Yahoo Messenger 8.0 Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. | 5.0 |
2006-09-25 | CVE-2006-4975 | Cross-Site Scripting vulnerability in Yahoo! Messenger Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | 2.6 |
2006-06-29 | CVE-2006-3298 | Denial of Service vulnerability in Yahoo! Messenger Message Handling Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | 5.0 |
2005-05-19 | CVE-2005-1671 | Information Disclosure vulnerability in Messenger The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | 2.1 |
2005-05-16 | CVE-2005-1618 | Remote Denial Of Service vulnerability in Yahoo Messenger 5.5/5.6/6.0 The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server. | 5.0 |
2005-05-02 | CVE-2005-0737 | Remote Buffer Overflow vulnerability in Yahoo! Messenger Offline Mode Status Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. | 7.5 |