Filtered by vendor Netscape
Subscriptions
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2024-09-17 | N/A |
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE. | ||||
CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-09-16 | N/A |
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | ||||
CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-09-16 | N/A |
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | ||||
CVE-2002-2308 | 1 Netscape | 1 Communicator | 2024-09-16 | N/A |
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | ||||
CVE-2000-1187 | 1 Netscape | 2 Communicator, Navigator | 2024-08-08 | N/A |
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | ||||
CVE-2000-1196 | 1 Netscape | 1 Publishingxpert | 2024-08-08 | N/A |
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. | ||||
CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2024-08-08 | N/A |
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | ||||
CVE-2000-1072 | 1 Netscape | 1 Iplanet Ical | 2024-08-08 | N/A |
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. | ||||
CVE-2000-1075 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2024-08-08 | N/A |
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. | ||||
CVE-2000-1071 | 1 Netscape | 1 Iplanet Ical | 2024-08-08 | N/A |
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. | ||||
CVE-2000-1073 | 1 Netscape | 1 Iplanet Ical | 2024-08-08 | N/A |
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. | ||||
CVE-2000-1074 | 1 Netscape | 1 Iplanet Ical | 2024-08-08 | N/A |
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. | ||||
CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2024-08-08 | N/A |
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | ||||
CVE-2000-0960 | 1 Netscape | 1 Messaging Server | 2024-08-08 | N/A |
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | ||||
CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2024-08-08 | N/A |
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | ||||
CVE-2000-0676 | 1 Netscape | 1 Communicator | 2024-08-08 | N/A |
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | ||||
CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2024-08-08 | N/A |
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | ||||
CVE-2000-0600 | 2 Netscape, Novell | 2 Enterprise Server, Netware | 2024-08-08 | N/A |
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. | ||||
CVE-2000-0577 | 1 Netscape | 1 Professional Services Ftpserver | 2024-08-08 | N/A |
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | ||||
CVE-2000-0517 | 1 Netscape | 1 Communicator | 2024-08-08 | N/A |
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information. |