Vulnerabilities (CVE)

Filtered by vendor Yahoo Subscribe
Total 66 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6853 3 Apple, Mozilla, Yahoo 3 Macos, Firefox, Toolbar 2021-09-22 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
CVE-2013-4940 2 Moodle, Yahoo 2 Moodle, Yui 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
CVE-2013-4941 2 Moodle, Yahoo 2 Moodle, Yui 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2013-4942 2 Moodle, Yahoo 2 Moodle, Yui 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2013-4939 2 Moodle, Yahoo 2 Moodle, Yui 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2019-6035 1 Yahoo 1 Athenz 2020-01-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
CVE-2006-5563 1 Yahoo 1 Messenger 2018-10-17 5.0 MEDIUM N/A
Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4975 1 Yahoo 1 Messenger 2018-10-17 2.6 LOW N/A
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
CVE-2007-3147 1 Yahoo 1 Messenger 2018-10-16 9.3 HIGH N/A
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
CVE-2007-3148 1 Yahoo 1 Messenger 2018-10-16 9.3 HIGH N/A
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
CVE-2007-1680 1 Yahoo 1 Messenger 2018-10-16 9.3 HIGH N/A
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
CVE-2007-0768 1 Yahoo 1 Messenger 2018-10-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
CVE-2009-4171 1 Yahoo 1 Messenger 2018-10-10 4.3 MEDIUM N/A
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
CVE-2014-7216 1 Yahoo 1 Messenger 2018-10-09 9.3 HIGH N/A
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
CVE-2012-2645 2 Google, Yahoo 2 Android, Yahoo\! Browser 2017-12-22 4.3 MEDIUM N/A
The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2008-0624 1 Yahoo 1 Music Jukebox 2017-09-29 4.3 MEDIUM N/A
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
CVE-2008-0625 1 Yahoo 1 Music Jukebox 2017-09-29 4.3 MEDIUM N/A
Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Yahoo! Music Jukebox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddBitmap method.
CVE-2008-0623 1 Yahoo 1 Music Jukebox 2017-09-29 4.3 MEDIUM N/A
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2007-5017 1 Yahoo 1 Messenger 2017-09-29 5.0 MEDIUM N/A
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
CVE-2013-4873 1 Yahoo 1 Tumblr 2017-08-29 5.0 MEDIUM N/A
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.