Filtered by vendor Netscape
Subscriptions
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2024-08-05 | N/A |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | ||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2024-08-01 | 9.8 Critical |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||||
| CVE-1999-1532 | 1 Netscape | 1 Messaging Server | 2024-08-01 | N/A |
| Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. | ||||
| CVE-1999-1357 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | ||||
| CVE-1999-1262 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. | ||||
| CVE-1999-1226 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. | ||||
| CVE-1999-1130 | 1 Netscape | 1 Enterprise Server | 2024-08-01 | N/A |
| Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | ||||
| CVE-1999-1189 | 1 Netscape | 2 Communicator, Navigator | 2024-08-01 | N/A |
| Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. | ||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | ||||
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2024-08-01 | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | ||||
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | ||||
| CVE-1999-0868 | 5 Isc, Nec, Netscape and 2 more | 6 Inn, Goah Intrasv, Goah Networksv and 3 more | 2024-08-01 | N/A |
| ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. | ||||
| CVE-1999-0869 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2024-08-01 | N/A |
| Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. | ||||
| CVE-1999-0853 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2024-08-01 | N/A |
| Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. | ||||
| CVE-1999-0809 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed". | ||||
| CVE-1999-0790 | 1 Netscape | 1 Communicator | 2024-08-01 | N/A |
| A remote attacker can read information from a Netscape user's cache via JavaScript. | ||||
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2024-08-01 | N/A |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | ||||
| CVE-1999-0751 | 1 Netscape | 1 Enterprise Server | 2024-08-01 | N/A |
| Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. | ||||
| CVE-1999-0807 | 1 Netscape | 1 Directory Server | 2024-08-01 | N/A |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. | ||||
| CVE-1999-0762 | 1 Netscape | 2 Communicator, Navigator | 2024-08-01 | N/A |
| When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. | ||||