Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yahoo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0322
Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote malicious users to gain privileges of other users via sniffing.
Yahoo Messenger 4.0
NA
CVE-2003-1135
Buffer overflow in Yahoo! Messenger 5.6 allows remote malicious users to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
Yahoo Messenger 5.6
1 EDB exploit
NA
CVE-2007-3638
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sal...
Yahoo Messenger 8.1
1 EDB exploit
NA
CVE-2007-4391
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote malicious users to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, ...
Yahoo Messenger 8.1.0.413
2 EDB exploits
NA
CVE-2008-5490
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpstore Yahoo Answers
1 EDB exploit
NA
CVE-2002-0031
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and previous versions allows remote malicious users to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
Yahoo Messenger 5.0
2 EDB exploits
NA
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and previous versions allows remote malicious users to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
Yahoo Messenger 5.0
NA
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote malicious users to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and capture...
Yahoo Ui Library
NA
CVE-2009-4171
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
Yahoo Messenger 9.0.0.2162
2 EDB exploits
NA
CVE-2007-3928
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
Yahoo Messenger 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »