CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Netscape : Security Vulnerabilities Published In 1999

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0034 1999-12-22 2008-09-10
5.0
None Remote Low Not required Partial None None
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
2 CVE-1999-1532 DoS 1999-10-29 2008-09-05
5.0
None Remote Low Not required None None Partial
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
3 CVE-1999-1357 XSS 1999-10-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
4 CVE-1999-1226 DoS Exec Code 1999-10-28 2008-09-10
2.6
None Remote High Not required None None Partial
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
5 CVE-1999-1189 DoS Exec Code Overflow 1999-11-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
6 CVE-1999-1130 1999-07-30 2008-09-05
5.0
None Remote Low Not required Partial None None
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
7 CVE-1999-1005 1999-12-19 2008-09-09
5.0
None Remote Low Not required Partial None None
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
8 CVE-1999-0892 Overflow 1999-12-24 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
9 CVE-1999-0853 Overflow +Priv 1999-12-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
10 CVE-1999-0827 1999-11-01 2008-09-09
2.6
None Remote High Not required Partial None None
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
11 CVE-1999-0809 1999-07-09 2008-09-09
5.0
None Remote Low Not required Partial None None
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
12 CVE-1999-0807 1999-05-01 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
13 CVE-1999-0762 1999-05-24 2008-09-09
2.6
None Remote High Not required Partial None None
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
14 CVE-1999-0752 DoS Overflow 1999-07-06 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
15 CVE-1999-0751 Overflow 1999-09-13 2008-09-09
5.0
None Remote Low Not required None None Partial
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
16 CVE-1999-0686 DoS 1999-05-07 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
17 CVE-1999-0685 Overflow 1999-09-02 2008-09-09
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
18 CVE-1999-0479 DoS 1999-03-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
19 CVE-1999-0440 Exec Code 1999-03-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
20 CVE-1999-0425 1999-03-18 2008-09-09
6.4
None Remote Low Not required None Partial Partial
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
21 CVE-1999-0424 1999-03-18 2008-09-09
2.1
None Local Low Not required Partial None None
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.