Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
Max CVSS
5.0
EPSS Score
0.87%
Published
1999-12-22
Updated
2022-08-17
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
Max CVSS
5.0
EPSS Score
1.24%
Published
1999-10-29
Updated
2016-10-18
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Max CVSS
7.5
EPSS Score
0.73%
Published
1999-10-05
Updated
2016-10-18
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
Max CVSS
7.5
EPSS Score
0.76%
Published
1999-11-24
Updated
2017-10-10
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
Max CVSS
5.0
EPSS Score
2.37%
Published
1999-07-30
Updated
2016-10-18
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
Max CVSS
5.0
EPSS Score
4.02%
Published
1999-12-19
Updated
2016-10-18
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
Max CVSS
10.0
EPSS Score
0.84%
Published
1999-12-01
Updated
2008-09-09
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
Max CVSS
5.0
EPSS Score
0.87%
Published
1999-07-09
Updated
2022-08-17
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-05-01
Updated
2022-08-17
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
Max CVSS
5.0
EPSS Score
0.29%
Published
1999-07-06
Updated
2022-08-17
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
Max CVSS
5.0
EPSS Score
0.25%
Published
1999-09-13
Updated
2018-05-03
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
Max CVSS
5.0
EPSS Score
0.15%
Published
1999-05-07
Updated
2008-09-09
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
Max CVSS
5.1
EPSS Score
0.66%
Published
1999-09-02
Updated
2008-09-09
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
Max CVSS
5.0
EPSS Score
1.82%
Published
1999-03-01
Updated
2008-09-09
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
Max CVSS
7.5
EPSS Score
5.72%
Published
1999-03-01
Updated
2016-10-18
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
Max CVSS
6.4
EPSS Score
0.06%
Published
1999-03-18
Updated
2022-08-17
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!