Vendor CVEs

Netscape

All CVEs

145 total · sorted by risk
  • CVE-1999-0043 · Critical · Dec 4, 1996
    risk 0.67 · cvss 9.8 · epss 0.45

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

  • CVE-1999-0239 · High · Jan 1, 1998
    risk 0.52 · cvss 7.5 · epss 0.07

    Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

  • CVE-1999-0012 · High · Feb 6, 1998
    risk 0.47 · cvss 7.0 · epss 0.18

    Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

  • CVE-2005-2265 · Jul 13, 2005
    risk 0.08 · cvss n/a · epss 0.68

    Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allow remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

  • CVE-2000-0711 · Oct 20, 2000
    risk 0.06 · cvss n/a · epss 0.34

    Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

  • CVE-2007-1377 · Mar 10, 2007
    risk 0.05 · cvss n/a · epss 0.20

    AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a…

  • CVE-2005-2871 · Sep 9, 2005
    risk 0.05 · cvss n/a · epss 0.21

    Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character…

  • CVE-2000-0676 · Oct 20, 2000
    risk 0.05 · cvss n/a · epss 0.20

    Netscape Communicator and Navigator 4.04 through 4.74 allow remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

  • CVE-1999-0005 · Jul 20, 1998
    risk 0.05 · cvss n/a · epss 0.18

    Arbitrary command execution via IMAP buffer overflow in authenticate command.

  • CVE-1999-0045 · Dec 10, 1996
    risk 0.05 · cvss n/a · epss 0.26

    List of arbitrary files on Web host via nph-test-cgi script.

  • CVE-2006-4842 · Oct 12, 2006
    risk 0.04 · cvss n/a · epss 0.08

    The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

  • CVE-2006-4253 · Aug 21, 2006
    risk 0.04 · cvss n/a · epss 0.14

    Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to…

  • CVE-2006-2894 · Jun 7, 2006
    risk 0.04 · cvss n/a · epss 0.10

    Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target…

  • CVE-2005-4134 · Dec 9, 2005
    risk 0.04 · cvss n/a · epss 0.13

    Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during…

  • CVE-2005-0989 · May 2, 2005
    risk 0.04 · cvss n/a · epss 0.10

    The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

  • CVE-2004-0722 · Aug 18, 2004
    risk 0.04 · cvss n/a · epss 0.13

    Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

  • CVE-2001-0596 · Aug 2, 2001
    risk 0.04 · cvss n/a · epss 0.09

    Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

  • CVE-2001-0262 · Jul 2, 2001
    risk 0.04 · cvss n/a · epss 0.07

    Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

  • CVE-2000-0655 · Jul 25, 2000
    risk 0.04 · cvss n/a · epss 0.13

    Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

  • CVE-1999-1005 · Dec 19, 1999
    risk 0.04 · cvss n/a · epss 0.08

    Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

  • CVE-1999-0869 · Dec 1, 1998
    risk 0.04 · cvss n/a · epss 0.17

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

  • CVE-1999-0174 · Feb 1, 1997
    risk 0.04 · cvss n/a · epss 0.07

    The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2006-0496 · Feb 1, 2006
    risk 0.03 · cvss n/a · epss 0.03

    Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS…

  • CVE-2004-0528 · Aug 6, 2004
    risk 0.03 · cvss n/a · epss 0.02

    Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

  • CVE-2003-1419 · Dec 31, 2003
    risk 0.03 · cvss n/a · epss 0.02

    Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.

  • CVE-2002-2338 · Dec 31, 2002
    risk 0.03 · cvss n/a · epss 0.04

    The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

  • CVE-2002-1766 · Dec 31, 2002
    risk 0.03 · cvss n/a · epss 0.01

    Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.

  • CVE-2002-1042 · Oct 4, 2002
    risk 0.03 · cvss n/a · epss 0.04

    Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat…

  • CVE-2000-1196 · Aug 31, 2001
    risk 0.03 · cvss n/a · epss 0.04

    PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.

  • CVE-2001-0250 · Jun 2, 2001
    risk 0.03 · cvss n/a · epss 0.03

    The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.

  • CVE-2000-1075 · Dec 11, 2000
    risk 0.03 · cvss n/a · epss 0.06

    Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

  • CVE-2000-1072 · Dec 11, 2000
    risk 0.03 · cvss n/a · epss 0.01

    iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

  • CVE-2000-1074 · Dec 11, 2000
    risk 0.03 · cvss n/a · epss 0.04

    csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

  • CVE-2000-0577 · Jun 21, 2000
    risk 0.03 · cvss n/a · epss 0.05

    Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-2000-0409 · May 10, 2000
    risk 0.03 · cvss n/a · epss 0.00

    Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

  • CVE-2000-0236 · Mar 17, 2000
    risk 0.03 · cvss n/a · epss 0.06

    Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.

  • CVE-1999-0744 · Jan 4, 2000
    risk 0.03 · cvss n/a · epss 0.03

    Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request.

  • CVE-1999-1532 · Oct 29, 1999
    risk 0.03 · cvss n/a · epss 0.02

    Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.

  • CVE-1999-0751 · Sep 13, 1999
    risk 0.03 · cvss n/a · epss 0.05

    Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

  • CVE-1999-0685 · Sep 2, 1999
    risk 0.03 · cvss n/a · epss 0.02

    Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

  • CVE-1999-1130 · Jul 30, 1999
    risk 0.03 · cvss n/a · epss 0.03

    Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

  • CVE-1999-0752 · Jul 6, 1999
    risk 0.03 · cvss n/a · epss 0.05

    Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

  • CVE-1999-0269 · Aug 1, 1998
    risk 0.03 · cvss n/a · epss 0.05

    Netscape Enterprise servers may list files through the PageServices query.

  • CVE-2004-0826 · Dec 31, 2004
    risk 0.02 · cvss n/a · epss 0.23

    Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

  • CVE-2002-0076 · Mar 19, 2002
    risk 0.02 · cvss n/a · epss 0.27

    Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…

  • CVE-2007-4042 · Jul 27, 2007
    risk 0.01 · cvss n/a · epss 0.10

    Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

  • CVE-2007-3924 · Jul 21, 2007
    risk 0.01 · cvss n/a · epss 0.14

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome…

  • CVE-2004-1236 · Dec 31, 2004
    risk 0.01 · cvss n/a · epss 0.09

    Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

  • CVE-2004-0904 · Dec 31, 2004
    risk 0.01 · cvss n/a · epss 0.08

    Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

  • CVE-2002-0058 · Mar 15, 2002
    risk 0.01 · cvss n/a · epss 0.09

    Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and…

Page 1 of 3