Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yahoo vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-6535
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow malicious users to execute arbitrary code via a long string to the IsTaggedBM method.
Yahoo Toolbar
5
CVSSv2
CVE-2013-4873
The Yahoo! Tumblr app prior to 3.4.1 for iOS sends cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Yahoo Tumblr
7.5
CVSSv2
CVE-2004-0043
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
Yahoo Messenger
4.3
CVSSv2
CVE-2007-0768
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and previous versions allow user-assisted remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG elem...
Yahoo Messenger
1 EDB exploit
5.8
CVSSv2
CVE-2013-4700
The Yahoo! Japan Shopping application 1.4 and previous versions for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Yahoo Japan Shopping
5
CVSSv2
CVE-2006-5563
Unspecified vulnerability in Yahoo! Messenger (Service 18) prior to 8.1.0.195 allows remote malicious users to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; t...
Yahoo Messenger 8.0
4.6
CVSSv2
CVE-2002-0031
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and previous versions allows remote malicious users to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
Yahoo Messenger 5.0
2 EDB exploits
7.5
CVSSv2
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and previous versions allows remote malicious users to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
Yahoo Messenger 5.0
5
CVSSv2
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote malicious users to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and capture...
Yahoo Ui Library
6
CVSSv2
CVE-2007-3638
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sal...
Yahoo Messenger 8.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »