Vulnerabilities > Yahoo

DATE CVE VULNERABILITY TITLE RISK
2007-04-06 CVE-2007-1680 Remote Buffer Overflow vulnerability in Yahoo! Messenger Audio Conferencing ActiveX Control
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
network
yahoo
critical
9.3
2007-02-09 CVE-2007-0868 Denial of Service vulnerability in Yahoo! Messenger Chat Room
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
yahoo
5.0
2007-02-06 CVE-2007-0768 HTML Injection vulnerability in Yahoo! Messenger Notification Message
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields.
network
yahoo
4.3
2006-12-15 CVE-2006-6603 Remote Buffer Overflow vulnerability in Yahoo! Messenger YMailAttach ActiveX Control
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document.
network
yahoo
critical
9.3
2006-10-27 CVE-2006-5563 Remote Buffer Overflow vulnerability in Yahoo Messenger 8.0
Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite.
network
low complexity
yahoo
5.0
2006-09-25 CVE-2006-4975 Cross-Site Scripting vulnerability in Yahoo! Messenger
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
network
high complexity
yahoo
2.6
2006-06-29 CVE-2006-3298 Denial of Service vulnerability in Yahoo! Messenger Message Handling
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
network
low complexity
yahoo
5.0
2005-05-19 CVE-2005-1671 Information Disclosure vulnerability in Messenger
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
local
low complexity
yahoo
2.1
2005-05-16 CVE-2005-1618 Remote Denial Of Service vulnerability in Yahoo Messenger 5.5/5.6/6.0
The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.
network
low complexity
yahoo
5.0
2005-05-02 CVE-2005-0737 Remote Buffer Overflow vulnerability in Yahoo! Messenger Offline Mode Status
Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.
network
low complexity
yahoo
7.5