VYPR

Communicator

by Netscape

CVEs (40)

  • CVE-2000-0711Oct 20, 2000
    risk 0.06cvss epss 0.34

    Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

  • CVE-2000-0676Oct 20, 2000
    risk 0.05cvss epss 0.20

    Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

  • CVE-2001-0596Aug 2, 2001
    risk 0.04cvss epss 0.09

    Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

  • CVE-2000-0655Jul 25, 2000
    risk 0.04cvss epss 0.13

    Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

  • CVE-1999-0174Feb 1, 1997
    risk 0.04cvss epss 0.07

    The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2002-1766Dec 31, 2002
    risk 0.03cvss epss 0.01

    Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.

  • CVE-2002-2338Dec 31, 2002
    risk 0.03cvss epss 0.04

    The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

  • CVE-2000-0409May 10, 2000
    risk 0.03cvss epss 0.00

    Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

  • CVE-1999-0685Sep 2, 1999
    risk 0.03cvss epss 0.02

    Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

  • CVE-1999-0031Jul 8, 1997
    risk 0.01cvss epss 0.18

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

  • CVE-2019-6566May 9, 2019
    risk 0.00cvss epss 0.00

    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.

  • CVE-2019-6544May 9, 2019
    risk 0.00cvss epss 0.01

    GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is…

  • CVE-2019-6548May 9, 2019
    risk 0.00cvss epss 0.01

    GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.

  • CVE-2019-6546May 9, 2019
    risk 0.00cvss epss 0.01

    GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

  • CVE-2019-6564May 9, 2019
    risk 0.00cvss epss 0.00

    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

  • CVE-2002-2248Dec 31, 2002
    risk 0.00cvss epss 0.06

    Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

  • CVE-2002-2284Dec 31, 2002
    risk 0.00cvss epss 0.02

    Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.

  • CVE-2002-2308Dec 31, 2002
    risk 0.00cvss epss 0.01

    Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.

  • CVE-2002-2013Dec 31, 2002
    risk 0.00cvss epss 0.02

    Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

  • CVE-2002-1204Nov 29, 2002
    risk 0.00cvss epss 0.01

    Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file,…

Page 1 of 2