Netscape

All CVEs

145 total · sorted by risk
  • CVE-1999-0007 · Jun 26, 1998
    risk 0.01 · cvss · epss 0.08

    Information from SSL-encrypted sessions via PKCS #1.

  • CVE-1999-0031 · Jul 8, 1997
    risk 0.01 · cvss · epss 0.18

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

  • CVE-2025-59900 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59897 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59896 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59895 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could…

  • CVE-2025-59894 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59892 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59891 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-27380 · Jan 22, 2026
    risk 0.00 · cvss · epss 0.00

    HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

  • CVE-2023-40378 · Oct 15, 2023
    risk 0.00 · cvss · epss 0.00

    IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.

  • CVE-2022-24963 · Jan 31, 2023
    risk 0.00 · cvss · epss 0.01

    Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

  • CVE-2021-35940 · Aug 23, 2021
    risk 0.00 · cvss · epss 0.01

    An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to…

  • CVE-2019-6566 · May 9, 2019
    risk 0.00 · cvss · epss 0.00

    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.

  • CVE-2019-6544 · May 9, 2019
    risk 0.00 · cvss · epss 0.01

    GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is…

  • CVE-2019-6548 · May 9, 2019
    risk 0.00 · cvss · epss 0.01

    GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.

  • CVE-2019-6546 · May 9, 2019
    risk 0.00 · cvss · epss 0.01

    GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

  • CVE-2019-6564 · May 9, 2019
    risk 0.00 · cvss · epss 0.00

    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

  • CVE-2018-18940 · Jan 31, 2019
    risk 0.00 · cvss · epss 0.01

    servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to…

  • CVE-2009-2542 · Jul 20, 2009
    risk 0.00 · cvss · epss 0.02

    Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

  • CVE-2008-2809 · Jul 8, 2008
    risk 0.00 · cvss · epss 0.01

    Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the…

  • CVE-2008-1676 · Jul 7, 2008
    risk 0.00 · cvss · epss 0.01

    Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote…

  • CVE-2006-6077 · Nov 24, 2006
    risk 0.00 · cvss · epss 0.02

    The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which…

  • CVE-2006-2613 · May 26, 2006
    risk 0.00 · cvss · epss 0.02

    Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to…

  • CVE-2006-1942 · Apr 20, 2006
    risk 0.00 · cvss · epss 0.03

    Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then…

  • CVE-2005-2261 · Jul 13, 2005
    risk 0.00 · cvss · epss 0.04

    Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

  • CVE-2005-2260 · Jul 13, 2005
    risk 0.00 · cvss · epss 0.03

    The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally…

  • CVE-2005-2269 · Jul 13, 2005
    risk 0.00 · cvss · epss 0.06

    Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary…

  • CVE-2005-1156 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

  • CVE-2005-1157 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be…

  • CVE-2004-1160 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.02

    Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site,…

  • CVE-2004-1753 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing…

  • CVE-2004-0905 · Sep 14, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

  • CVE-2004-0718 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.02

    The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame…

  • CVE-2003-1560 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

  • CVE-2003-1492 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

  • CVE-2003-1265 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.

  • CVE-2003-0553 · Aug 18, 2003
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.

  • CVE-2002-1655 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.

  • CVE-2002-2248 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

  • CVE-2002-2284 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.

  • CVE-2002-2013 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

  • CVE-2002-2308 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.

  • CVE-2002-2061 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

  • CVE-2002-1654 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force…

  • CVE-2002-1308 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

  • CVE-2002-1204 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.01

    Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file,…

  • CVE-2002-1091 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.04

    Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

  • CVE-2002-0815 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.04

    The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted…

  • CVE-2002-0354 · Jun 25, 2002
    risk 0.00 · cvss · epss 0.01

    The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText…