Vulnerabilities > Yahoo > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2010-11-07 | CVE-2010-4208 | Cross-Site Scripting vulnerability in Yahoo YUI | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | | 4.3 |
| 2010-11-07 | CVE-2010-4207 | Cross-Site Scripting vulnerability in Yahoo YUI | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | | 4.3 |
| 2009-12-02 | CVE-2009-4171 | Buffer Errors vulnerability in Yahoo Messenger 9.0.0.2162 | An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. | network, yahoo CWE-119 | 4.3 |
| 2008-02-06 | CVE-2008-0625 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 | Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method. | network, yahoo CWE-119 | 4.3 |
| 2008-02-06 | CVE-2008-0624 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.56 | Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623. | network, yahoo CWE-119 | 4.3 |
| 2008-02-06 | CVE-2008-0623 | Buffer Errors vulnerability in Yahoo Music Jukebox 2.2.2.056 | Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. | network, yahoo CWE-119 | 4.3 |
| 2007-12-27 | CVE-2007-6535 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Toolbar | Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | network, yahoo CWE-119 | 6.8 |
| 2007-12-04 | CVE-2007-6228 | Buffer Errors vulnerability in Yahoo Toolbar 1.4.1 | Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method. | network, yahoo CWE-119 | 6.8 |
| 2007-09-20 | CVE-2007-5017 | Path Traversal vulnerability in Yahoo Messenger 8.1.0.421 | Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | network, low complexity, yahoo CWE-22 | 5.0 |
| 2007-08-31 | CVE-2007-4635 | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.209/8.1.0.402 | Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. | network, low complexity, yahoo CWE-20 | 5.0 |