Filtered by vendor Yahoo
Subscriptions
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0623 | 1 Yahoo | 1 Music Jukebox | 2025-04-09 | N/A |
| Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method. | ||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-3147 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4391 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. | ||||
| CVE-2007-3638 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | ||||
| CVE-2007-4635 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2002-1665 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. | ||||
| CVE-2005-0242 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | ||||
| CVE-2005-1618 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server. | ||||
| CVE-2003-1135 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID. | ||||
| CVE-2002-0032 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. | ||||
| CVE-2003-1129 | 1 Yahoo | 1 Audio Conferencing Activex Control | 2025-04-03 | N/A |
| Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat. | ||||
| CVE-2002-1664 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information. | ||||
| CVE-2002-0322 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing. | ||||
| CVE-2006-3298 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | ||||
| CVE-2002-0321 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks. | ||||
| CVE-2002-0320 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field. | ||||
| CVE-2000-0047 | 1 Yahoo | 1 Pager | 2025-04-03 | N/A |
| Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. | ||||
| CVE-2005-0737 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode. | ||||
| CVE-2006-4975 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | ||||