| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A remote attacker can read information from a Netscape user's cache via JavaScript. |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
| Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. |
| ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
| Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. |
| Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. |
| Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
| Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. |
| Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. |
| Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. |
| Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." |
| Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. |
| Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. |
| Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. |
