Filtered by vendor Netscape
Subscribe
Search
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0596 | 1 Netscape | 1 Communicator | 2017-10-10 | 7.5 HIGH | N/A |
| Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. | |||||
| CVE-2001-0745 | 1 Netscape | 1 Messanger | 2017-10-10 | 5.0 MEDIUM | N/A |
| Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. | |||||
| CVE-2001-0921 | 1 Netscape | 1 Communicator | 2017-10-10 | 2.1 LOW | N/A |
| Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. | |||||
| CVE-2002-2284 | 1 Netscape | 1 Communicator | 2017-07-29 | 6.4 MEDIUM | N/A |
| Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. | |||||
| CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2017-07-29 | 5.0 MEDIUM | N/A |
| Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | |||||
| CVE-2003-1419 | 1 Netscape | 1 Navigator | 2017-07-29 | 4.3 MEDIUM | N/A |
| Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | |||||
| CVE-2002-2248 | 1 Netscape | 1 Communicator | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. | |||||
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-07-11 | 2.6 LOW | N/A |
| The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
| CVE-2004-0826 | 4 Hp, Mozilla, Netscape and 1 more | 10 Hp-ux, Network Security Services, Certificate Server and 7 more | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | |||||
| CVE-2004-0528 | 1 Netscape | 1 Navigator | 2017-07-11 | 5.0 MEDIUM | N/A |
| Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||||
| CVE-2004-1236 | 1 Netscape | 1 Directory Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2017-07-11 | 7.5 HIGH | N/A |
| iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | |||||
| CVE-2002-1766 | 1 Netscape | 1 Communicator | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | |||||
| CVE-2003-0553 | 1 Netscape | 1 Navigator | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||||
| CVE-2002-1091 | 3 Mozilla, Netscape, Opera Software | 3 Mozilla, Navigator, Opera Web Browser | 2016-10-18 | 7.5 HIGH | N/A |
| Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | |||||
| CVE-2002-0354 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2016-10-18 | 5.0 MEDIUM | N/A |
| The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | |||||
| CVE-2000-0087 | 1 Netscape | 2 Communicator, Navigator | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. | |||||
| CVE-1999-1532 | 1 Netscape | 1 Messaging Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. | |||||
| CVE-1999-1357 | 1 Netscape | 1 Communicator | 2016-10-18 | 7.5 HIGH | N/A |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | |||||
| CVE-1999-1130 | 1 Netscape | 1 Enterprise Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | |||||
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | |||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||||
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2016-10-18 | 7.5 HIGH | N/A |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | |||||
| CVE-2003-1560 | 1 Netscape | 1 Navigator | 2009-01-29 | 5.0 MEDIUM | N/A |
| Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2000-0577 | 1 Netscape | 1 Professional Services Ftpserver | 2008-09-10 | 10.0 HIGH | N/A |
| Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||||
| CVE-2000-0676 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||||
| CVE-2000-0406 | 1 Netscape | 1 Communicator | 2008-09-10 | 2.6 LOW | N/A |
| Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. | |||||
| CVE-2000-0409 | 1 Netscape | 1 Communicator | 2008-09-10 | 3.7 LOW | N/A |
| Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | |||||
| CVE-2000-0237 | 1 Netscape | 1 Enterprise Server | 2008-09-10 | 6.4 MEDIUM | N/A |
| Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories. | |||||
| CVE-2000-0236 | 1 Netscape | 1 Enterprise Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. | |||||
| CVE-2000-0034 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." | |||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2008-09-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | |||||
| CVE-1999-0853 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. | |||||
| CVE-1999-0868 | 5 Isc, Nec, Netscape and 2 more | 6 Inn, Goah Intrasv, Goah Networksv and 3 more | 2008-09-09 | 7.2 HIGH | N/A |
| ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. | |||||
| CVE-1999-0790 | 1 Netscape | 1 Communicator | 2008-09-09 | 2.6 LOW | N/A |
| A remote attacker can read information from a Netscape user's cache via JavaScript. | |||||
| CVE-1999-0809 | 1 Netscape | 1 Communicator | 2008-09-09 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". | |||||
| CVE-1999-0807 | 1 Netscape | 1 Directory Server | 2008-09-09 | 7.2 HIGH | N/A |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. | |||||
| CVE-1999-0762 | 1 Netscape | 2 Communicator, Navigator | 2008-09-09 | 2.6 LOW | N/A |
| When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. | |||||
| CVE-1999-0758 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. | |||||
| CVE-1999-0752 | 1 Netscape | 1 Enterprise Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | |||||
| CVE-1999-0686 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. | |||||
| CVE-1999-0685 | 1 Netscape | 1 Communicator | 2008-09-09 | 5.1 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. | |||||
| CVE-1999-0424 | 1 Netscape | 1 Communicator | 2008-09-09 | 2.1 LOW | N/A |
| talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes. | |||||
| CVE-1999-0239 | 1 Netscape | 1 Fasttrack Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | |||||
| CVE-1999-0425 | 1 Netscape | 1 Communicator | 2008-09-09 | 6.4 MEDIUM | N/A |
| talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. | |||||
| CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Netscape Enterprise servers may list files through the PageServices query. | |||||